CHANGES revision d58e33bfabfee19a035031dac633d36659738d56
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3714. [test] System tests that need to test for cryptography
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater support before running can now use a common
7a2a1b8b14fc804ac80612d7b98064095e445be5Automatic Updater "testcrypto.sh" script to do so. [RT #35213]
1167fc7904c5f0a472f8df207ac46dd52c7f1ec8Automatic Updater3713. [bug] Save memory by not storing "also-notify" addresses
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater in zone objects that are configured not to send
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater notify requests. [RT #35195]
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater3712. [placeholder]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3711. [placeholder]
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater3710. [bug] Address double dns_zone_detach when switching to
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User using automatic empty zones from regular zones.
bbde8dc56605130058a1540609264fa109da3b63Automatic Updater3709. [port] Use built-in versions of strptime() and timegm()
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews on all platforms to avoid portability issues.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3708. [bug] Address a portentry locking issue in dispatch.c.
bbde8dc56605130058a1540609264fa109da3b63Automatic Updater3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews on a missing resolv.conf file and initializes the
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater structure as if it had been configured with:
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater nameserver ::1
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson nameserver 127.0.0.1
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater Note: Callers will need to be updated to treat
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson ISC_R_FILENOTFOUND as a qualified success or else
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater they will leak memory. The following code fragment
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User will work with both old and new versions without
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater changing the behaviour of the existing code.
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater resconf = NULL;
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater result = irs_resconf_load(mctx, "/etc/resolv.conf",
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater if (result != ISC_SUCCESS) {
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater if (resconf != NULL)
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater irs_resconf_destroy(&resconf);
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater3706. [contrib] queryperf: Fixed a possible integer overflow when
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater printing results. [RT #35182]
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater3705. [func] "configure --enable-native-pkcs11" enables BIND
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater to use the PKCS#11 API for all cryptographic
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater functions, so that it can drive a hardware service
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater module directly without the need to use a modified
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater OpenSSL as intermediary (so long as the HSM's vendor
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater provides a complete-enough implementation of the
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews PKCS#11 interface). This has been tested successfully
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews with the Thales nShield HSM and with SoftHSMv2 from
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews the OpenDNSSEC project. [RT #29031]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3703. [func] To improve recursive resolver performance, cache
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater records which are still being requested by clients
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews can now be automatically refreshed from the
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater authoritative server before they expire, reducing
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews or eliminating the time window in which no answer
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater is available in the cache. See the "prefetch" option
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater for more details. [RT #35041]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3702. [func] 'dnssec-coverage -l' option specifies a length
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews of time to check for coverage; events further into
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater the future are ignored. 'dnssec-coverage -z'
693c4232dfdffaff672197d4b9fea944c64cf80aAutomatic Updater checks only ZSK events, and 'dnssec-coverage -k'
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews checks only KSK events. (Thanks to Peter Palfrader.)
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater3701. [func] named-checkconf can now obscure shared secrets
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater when printing by specifying '-x'. [RT #34465]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater3700. [func] Allow access to subgroups of XML statistics via
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson special URLs http://<server>:<port>/xml/v3/server,
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater /zones, /net, /tasks, /mem, and /status. [RT #35115]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3699. [bug] Improvements to statistics channel XSL stylesheet:
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater the stylesheet can now be cached by the browser;
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User section headers are omitted from the stats display
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater when there is no data in those sections to be
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews displayed; counters are now right-justified for
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User easier readability. [RT #35117]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3698. [cleanup] Replaced all uses of memcpy() with memmove().
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3697. [bug] Handle "." as a search list element when IDN support
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont is enabled. [RT #35133]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3696. [bug] dig failed to handle AXFR style IXFR responses which
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User span multiple messages. [RT #35137]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3695. [bug] Address a possible race in dispatch.c. [RT #35107]
24bf1e02f03577db0feb50b80238c4150c96d05dAutomatic Updater3694. [bug] Warn when a key-directory is configured for a zone,
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews but does not exist or is not a directory. [RT #35108]
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater3693. [security] memcpy was incorrectly called with overlapping
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater ranges resulting in malformed names being generated
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews on some platforms. This could cause INSIST failures
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews when serving NSEC3 signed zones (CVE-2014-0591).
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
24bf1e02f03577db0feb50b80238c4150c96d05dAutomatic Updater was no data at the node. [RT #35080]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater3691. [contrib] Address null pointer dereference in LDAP and
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater MySQL DLZ modules.
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater3690. [bug] Iterative responses could be missed when the source
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater port for an upstream query was the same as the
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater listener port (53). [RT #34925]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater3689. [bug] Fixed a bug causing an insecure delegation from one
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater static-stub zone to another to fail with a broken
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson trust chain. [RT #35081]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3688. [bug] loadnode could return a freed node on out of memory.
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater3687. [bug] Address null pointer dereference in zone_xfrdone.
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater3686. [func] "dnssec-signzone -Q" drops signatures from keys
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater that are still published but no longer active.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater3685. [bug] "rndc refresh" didn't work correctly with slave
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User zones using inline-signing. [RT #35105]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3684. [bug] The list of included files would grow on reload.
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater3683. [cleanup] Add a more detailed "not found" message to rndc
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater commands which specify a zone name. [RT #35059]
c6a0f4ae1d7183a16ffb196b86b647f870694796Automatic Updater3682. [bug] Correct the behavior of rndc retransfer to allow
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater inline-signing slave zones to retain NSEC3 parameters
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User instead of reverting to NSEC. [RT #34745]
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater3681. [port] Update the Windows build system to support feature
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater selection and WIN64 builds. This is a work in
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater progress. [RT #34160]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3680. [bug] Ensure buffer space is available in "rndc zonestatus".
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3679. [bug] dig could fail to clean up TCP sockets still
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater waiting on connect(). [RT #35074]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3678. [port] Update config.guess and config.sub. [RT #35060]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater times. [RT #35073]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater3676. [bug] "named-checkconf -z" now checks zones of type
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hint and redirect as well as master. [RT #35046]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3675. [misc] Provide a place for third parties to add version
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater information for their extensions in the version
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater file by setting the EXTENSIONS variable.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater --- 9.10.0a1 released ---
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater3673. [func] New "in-view" zone option allows direct sharing
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater of zones between views. [RT #32968]
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater3672. [func] Local address can now be specified when using
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater dns_client API. [RT #34811]
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews3671. [bug] Don't allow dnssec-importkey overwrite a existing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater non-imported private key.
bbb069be941f649228760edcc241122933c066d2Automatic Updater3670. [bug] Address read after free in server side of
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater lwres_getrrsetbyname. [RT #29075]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater3667. [test] dig: add support to keep the TCP socket open between
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews successive queries (+[no]keepopen). [RT #34918]
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater3666. [func] Add a tool, named-rrchecker, for checking the syntax
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews of individual resource records. This tool is intended
cafd3a2b9974fe0a4ab95e0289746062bd958d68Automatic Updater to be called by provisioning systems so that the front
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews end does not need to be upgraded to support new DNS
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater record types. [RT #34778]
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater3665. [bug] Failure to release lock on error in receive_secure_db.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater locking and other bugs. [RT #34855]
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater3663. [bug] Address bugs in dns_rdata_fromstruct and
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3661. [bug] Address lock order reversal deadlock with inline zones.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater3659. [port] solaris: don't add explict dependencies/rules for
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User python programs as make won't use the implicit rules.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater3658. [port] linux: Address platform specific compilation issue
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews when libcap-devel is installed. [RT #34838]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3657. [port] Some readline clones don't accept NULL pointers when
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews calling add_history. [RT #34842]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3656. [security] Treat an all zero netmask as invalid when generating
e2caa7536302de34de6cc04025abcd53dc3a499aAutomatic Updater the localnets acl. (The prior behavior could
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater allow unexpected matches when using some versions
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews of Winsock: CVE-2013-6320.) [RT #34687]
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews3655. [cleanup] Simplify TCP message processing when requesting a
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews zone transfer. [RT #34825]
08d53af7d51409036462fa80fb1bde7a8c2ac123Automatic Updater3654. [bug] Address race condition with manual notify requests.
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater3653. [func] Create delegations for all "children" of empty zones
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews except "forward first". [RT #34826]
3351ccbd5c1961404044f8273d54dad405f53960Mark Andrews3652. [bug] Address bug with rpz-drop policy. [RT #34816]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3651. [tuning] Adjust when a master server is deemed unreachable.
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater3650. [tuning] Use separate rate limiting queues for refresh and
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews notify requests. [RT #30589]
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater3649. [cleanup] Include a comment in .nzf files, giving the name of
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews the associated view. [RT #34765]
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater3648. [test] Updated the ATF test framework to version 0.17.
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater3647. [bug] Address a race condition when shutting down a zone.
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater3646. [bug] Journal filename string could be set incorrectly,
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater causing garbage in log messages. [RT #34738]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3645. [protocol] Use case sensitive compression when responding to
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater queries. [RT #34737]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3644. [protocol] Check that EDNS subnet client options are well formed.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3643. [doc] Clarify RRL "slip" documentation.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews3642. [func] Allow externally generated DNSKEY to be imported
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews into the DNSKEY management framework. A new tool
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews dnssec-importkey is used to do this. [RT #34698]
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater3641. [bug] Handle changes to sig-validity-interval settings
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater better. [RT #34625]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater3640. [bug] ndots was not being checked when searching. Only
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews continue searching on NXDOMAIN responses. Add the
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews ability to specify ndots to nslookup. [RT #34711]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in a key zone. [RT #34238]
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
b13d89bd89878137c81b36a36596cca3920f27a4Automatic Updater encountered. [RT #34668]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3637. [bug] 'allow-query-on' was checking the source address
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rather than the destination address. [RT #34590]
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User3636. [bug] Automatic empty zones now behave better with
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User forward only "zones" beneath them. [RT #34583]
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater3635. [bug] Signatures were not being removed from a zone with
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater only KSK keys for a algorithm. [RT #34439]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3634. [func] Report build-id in rndc status. Report build-id
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington when building from a git repository. [RT #20422]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3633. [cleanup] Refactor OPT processing in named to make it easier
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to support new EDNS options. [RT #34414]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3632. [bug] Signature from newly inactive keys were not being
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington removed. [RT #32178]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3631. [bug] Remove spurious warning about missing signatures when
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington qtype is SIG. [RT #34600]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3629. [func] Allow the printing of cryptographic fields in DNSSEC
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington records by dig to be suppressed (dig +nocrypto).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3628. [func] Report DNSKEY key id's when dumping the cache.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3626. [func] dig: NSID output now easier to read. [RT #21160]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3625. [bug] Don't send notify messages to machines outside of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3624. [bug] Look for 'json_object_new_int64' when looking for a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the json library. [RT #34449]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3623. [placeholder]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3622. [tuning] Eliminate an unnecessary lock when incrementing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington cache statistics. [RT #34339]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3621. [security] Incorrect bounds checking on private type 'keydata'
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington can lead to a remotely triggerable REQUIRE failure
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (CVE-2013-4854). [RT #34238]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3620. [func] Added "rpz-client-ip" policy triggers, enabling
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington RPZ responses to be configured on the basis of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the client IP address; this can be used, for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington example, to blacklist misbehaving recursive
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington or stub resolvers. [RT #33605]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3618. [func] "rndc reload" now checks modification times of
56effd2e3f579fd77b1fb37d47871d1bf1286bc4Automatic Updater include files as well as master files to determine
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater whether to skip reloading a zone. [RT #33936]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater3617. [bug] Named was failing to answer queries during
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater "rndc reload" [RT #34098]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater3616. [bug] Change #3613 was incomplete. [RT #34177]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater3615. [cleanup] "configure" now finishes by printing a summary
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater of optional BIND features and whether they are
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater active or inactive. ("configure --enable-full-report"
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater increases the verbosity of the summary.) [RT #31777]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater3614. [port] Check for <linux/types.h>. [RT #34162]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater3613. [bug] named could crash when deleting inline-signing
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User zones with "rndc delzone". [RT #34066]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington3612. [port] Check whether to use -ljson or -ljson-c. [RT #34115]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington3611. [bug] Improved resistance to a theoretical authentication
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews attack based on differential timing. [RT #33939]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3610. [cleanup] win32: Some executables had been omitted from the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews installer. [RT #34116]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3609. [bug] Corrected a possible deadlock in applications using
348040cb2675f1c3711672dadfc29f5ddfd2bb23Automatic Updater the export version of the isc_app API. [RT #33967]
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater3608. [port] win32: added todos.pl script to ensure all text files
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater the win32 build depends on are converted to DOS
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington newline format. [RT #22067]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington message. [RT #34045]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3606. [func] "rndc flushtree" now flushes matching
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater records in the address database and bad cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as well as the DNS cache. (Previously only the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS cache was flushed.) [RT #33970]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3605. [port] win32: Addressed several compatibility issues
e01f44b37ba11c9d34f4a8394f950efae5c07f33Automatic Updater with newer versions of Visual Studio. [RT #33916]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3604. [bug] Fixed a compile-time error when building with
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater JSON but not XML. [RT #33959]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3603. [bug] Install <isc/stat.h>. [RT #33956]
3de6db3208d51de1e138b63b9670430c03f99694Automatic Updater3602. [contrib] Added DLZ Perl module, allowing Perl scripts to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater integrate with named and serve DNS data.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (Contributed by John Eaglesham of Yahoo.)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3601. [bug] Added to PKCS#11 openssl patches a value len
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington attribute in DH derive key. [RT #33928]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3600. [cleanup] dig: Fixed a typo in the warning output when receiving
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington an oversized response. [RT #33910]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3599. [tuning] Check for pointer equivalence in name comparisons.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3598. [cleanup] Improved portability of map file code. [RT #33820]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3597. [bug] Ensure automatic-resigning heaps are reconstructed
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington when loading zones in map format. [RT #33381]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3596. [port] Updated win32 build documentation, added
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington dnssec-verify. [RT #22067]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3595. [port] win32: Fix build problems introduced by change #3550.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3594. [maint] Update config.guess and config.sub. [RT #33816]
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3593. [func] Update EDNS processing to better track remote server
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater capabilities. [RT #30655]
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater3592. [doc] Moved documentation of rndc command options to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rndc man page. [RT #33506]
79cea03ba823e2d3a34895f0ba91d7fb5ad799e7Automatic Updater3591. [func] Use CRC-64 to detect map file corruption at load
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater time. [RT #33746]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews3590. [bug] When using RRL on recursive servers, defer
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews rate-limiting until after recursion is complete;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington also, use correct rcode for slipped NXDOMAIN
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington responses. [RT #33604]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3589. [func] Report serial numbers in when starting zone transfers.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Report accepted NOTIFY requests including serial.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3588. [bug] dig: addressed a memory leak in the sigchase code
b7aab05edae933e169d5f83c653935b17c7f0a8bMark Andrews that could cause a shutdown crash. [RT #33733]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3587. [func] 'named -g' now checks the logging configuration but
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington does not use it. [RT #33473]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3585. [func] "rndc delzone -clean" option removes zone files
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews when deleting a zone. [RT #33570]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3584. [security] Caching data from an incompletely signed zone could
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington trigger an assertion failure in resolver.c
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater (CVE-2013-3919). [RT #33690]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3583. [bug] Address memory leak in GSS-API processing [RT #33574]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3582. [bug] Silence false positive warning regarding missing file
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington directive for inline slave zones. [RT #33662]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3580. [bug] Addressed a possible race in acache.c [RT #33602]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3579. [maint] Updates to PKCS#11 openssl patches, supporting
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3577. [bug] Handle zero TTL values better. [RT #33411]
42bee07ebb8152a6ec2f87f4790d87368c24704cAutomatic Updater3576. [bug] Address a shutdown race when validating. [RT #33573]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3575. [func] Changed the logging category for RRL events from
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater 'queries' to 'query-errors'. [RT #33540]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews3574. [doc] The 'hostname' keyword was missing from server-id
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington description in the named.conf man page. [RT #33476]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews zone names containing punctuation marks and other
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews nonstandard characters. [RT #33419]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews3572. [func] Threads are now enabled by default on most
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews operating systems. [RT #25483]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3571. [bug] Address race condition in dns_client_startresolve().
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3570. [bug] Check internal pointers are valid when loading map
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington files. [RT #33403]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3569. [contrib] Ported mysql DLZ driver to dynamically-loadable
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington module, and added multithread support. [RT #33394]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3568. [cleanup] Add a product description line to the version file,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to be reported by named -v/-V. [RT #33366]
84a18c72b9f05a7d2aabbc50886de494251d1719Automatic Updater3567. [bug] Silence clang static analyzer warnings. [RT #33365]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3566. [func] Log when forwarding updates to master. [RT #33240]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3565. [placeholder]
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User3564. [bug] Improved handling of corrupted map files. [RT #33380]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3562. [func] Update map file header format to include a SHA-1 hash
b0d566a2ce0f5a67f537ee7f8233f82f2584cc61Automatic Updater of the database content, so that corrupted map files
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater can be rejected at load time. [RT #32459]
1fdd58445074579ee3b65c871137a7a1740eb542Mark Andrews3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
d630ef2ff74445949a482660938e9fa9da52ca14Automatic Updater or NOTIMP. Adjust usage message. [RT #33363]
d630ef2ff74445949a482660938e9fa9da52ca14Automatic Updater3560. [bug] isc-config.sh did not honor includedir and libdir
cc5a9ce75af9870f2cb9e2bf00548c2f7e6398d6Automatic Updater when set via configure. [RT #33345]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3559. [func] Check that both forms of Sender Policy Framework
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User records exist or do not exist. [RT #33355]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater3557. [bug] Reloading redirect zones was broken. [RT #33292]
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater3555. [bug] Address theoretical race conditions in acache.c
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater (change #3553 was incomplete). [RT #33252]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater3554. [bug] RRL failed to correctly rate-limit upward
e8c17c74535be290abaaa160a434ed80bf0ad2feMark Andrews referrals and failed to count dropped error
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater responses in the statistics. [RT #33225]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater3553. [bug] Address suspected double free in acache. [RT #33252]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater3552. [bug] Wrong getopt option string for 'nsupdate -r'.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3550. [func] Unified the internal and export versions of the
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater BIND libraries, allowing external clients to use
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater the same libraries as BIND. [RT #33131]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3549. [doc] Documentation for "request-nsid" was missing.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3548. [bug] The NSID request code in resolver.c was broken
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater resulting in invalid EDNS options being sent.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3547. [bug] Some malformed unknown rdata records were not properly
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater detected and rejected. [RT #33129]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3546. [func] Add EUI48 and EUI64 types. [RT #33082]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3545. [bug] RRL slip behavior was incorrect when set to 1.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3544. [contrib] check5011.pl: Script to report the status of
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater managed keys as recorded in managed-keys.bind.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater Contributed by Tony Finch <dot@dotat.at>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3543. [bug] Update socket structure before attaching to socket
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater manager after accept. [RT #33084]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3542. [placeholder]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3541. [bug] Parts of libdns were not properly initialized when
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater built in libexport mode. [RT #33028]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3540. [test] libt_api: t_info and t_assert were not thread safe.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3539. [port] win32: timestamp format didn't match other platforms.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3538. [test] Running "make test" now requires loopback interfaces
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater to be set up. [RT #32452]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3537. [tuning] Slave zones, when updated, now send NOTIFY messages
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater to peers before being dumped to disk rather than
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater after. [RT #27242]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3536. [func] Add support for setting Differentiated Services Code
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater Point (DSCP) values in named. Most configuration
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater options which take a "port" option (e.g.,
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater listen-on, forwarders, also-notify, masters,
24bf1e02f03577db0feb50b80238c4150c96d05dAutomatic Updater notify-source, etc) can now also take a "dscp"
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater option specifying a code point for use with
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater outgoing traffic, if supported by the underlying
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews OS. [RT #27596]
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews3535. [bug] Minor win32 cleanups. [RT #32962]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater3534. [bug] Extra text after an embedded NULL was ignored when
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater parsing zone files. [RT #32699]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
75333ed9bf283dc5f93deea43460149937402985Automatic Updater3531. [bug] win32: A uninitialized value could be returned on out
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater of memory. [RT #32960]
4ea3649f028ea6a1e42377082a7ccf8f789fb950Automatic Updater3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
60d5d17479b47c03b9c7c86f54269718103750b8Automatic Updater3529. [func] Named now listens on both IPv4 and IPv6 interfaces
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater by default. Named previously only listened on IPv4
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater interfaces by default unless named was running in
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater IPv6 only mode. [RT #32945]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater3528. [func] New "dnssec-coverage" command scans the timing
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater metadata for a set of DNSSEC keys and reports if a
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater lapse in signing coverage has been scheduled
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater inadvertently. (Note: This tool depends on python;
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater it will not be built or installed on systems that
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater do not have a python interpreter.) [RT #28098]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater3527. [compat] Add a URI to allow applications to explicitly
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater request a particular XML schema from the statistics
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater channel, returning 404 if not supported. [RT #32481]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater3526. [cleanup] Set up dependencies for unit tests correctly during
19dbf2e20df03f2b81ed1f347e27718084374059Automatic Updater build. [RT #32803]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater3525. [func] Support for additional signing algorithms in rndc:
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater The -A option to rndc-confgen can be used to
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater select the algorithm for the generated key.
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater (The default is still hmac-md5; this may
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater change in a future release.) [RT #20363]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater3524. [func] Added an alternate statistics channel in JSON format,
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater when the server is built with the json-c library:
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater http://[address]:[port]/json. [RT #32630]
7dd02af3c9350553e1d52d980a7812425b3f1295Automatic Updater3523. [contrib] Ported filesystem and ldap DLZ drivers to
7dd02af3c9350553e1d52d980a7812425b3f1295Automatic Updater dynamically-loadable modules, and added the
01f91b9cd440833f66e7476e43659655cb52ad10Automatic Updater "wildcard" module based on a contribution from
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3522. [bug] DLZ lookups could fail to return SERVFAIL when
01f91b9cd440833f66e7476e43659655cb52ad10Automatic Updater they ought to. [RT #32685]
3e5b24a74c03d5b52f32d138e64e427bd2cbc8f3Automatic Updater3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3520. [bug] 'mctx' was not being referenced counted in some places
80af59ad4dcdf8370354fb45a049f1768e1a13c4Automatic Updater where it should have been. [RT #32794]
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews3519. [func] Full replay protection via four-way handshake is
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews now mandatory for rndc clients. Very old versions
5f4db4a664e7742d47abed1401fc42e4dd68174cAutomatic Updater of rndc will no longer work. [RT #32798]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater so that all dns_rrl_rtype_t enum values fit regardless
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of whether it is teated as signed or unsigned by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the compiler. [RT #32792]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3516. [placeholder]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater3515. [port] '%T' is not portable in strftime(). [RT #32763]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater3514. [bug] The ranges for valid key sizes in ddns-confgen and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rndc-confgen were too constrained. Keys up to 512
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater bits are now allowed for most algorithms, and up
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to 1024 bits for hmac-sha384 and hmac-sha512.
ff62ab3c2e6274f19190ded15548c723d38bbbe3Automatic Updater3513. [func] "dig -u" prints times in microseconds rather than
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater milliseconds. [RT #32704]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3512. [func] "rndc validation check" reports the current status
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of DNSSEC validation. [RT #21397]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3511. [doc] Improve documentation of redirect zones. [RT #32756]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3510. [func] "rndc status" and XML statistics channel now report
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater server start and reconfiguration times. [RT #21048]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3509. [cleanup] Added a product line to version file to allow for
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater easy naming of different products (BIND
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater vs BIND ESV, for example). [RT #32755]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3508. [contrib] queryperf was incorrectly rejecting the -T option.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3507. [bug] Statistics channel XSL had a glitch when attempting
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to chart query data before any queries had been
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater received. [RT #32620]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3506. [func] When setting "max-cache-size" and "max-acache-size",
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater the keyword "unlimited" is no longer defined as equal
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater to 4 gigabytes (except on 32-bit platforms); it
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater means literally unlimited. [RT #32358]
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater3505. [bug] When setting "max-cache-size" and "max-acache-size",
88d58d79c5bc7ce3c20a42461a5070116c736836Automatic Updater larger values than 4 gigabytes could not be set
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater explicitly, though larger sizes were available
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater when setting cache size to 0. This has been
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater corrected; the full range is now available.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3504. [func] Add support for ACLs based on geographic location,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using MaxMind GeoIP databases. Based on code
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater contributed by Ken Brownfield <kb@slide.com>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3503. [doc] Clarify size_spec syntax. [RT #32449]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3502. [func] zone-statistics: "no" is now a synonym for "none",
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater instead of "terse". [RT #29165]
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater3501. [func] zone-statistics now takes three options: full,
9fa39c73fc1d8bc44fdbbb79a1d26b837e7dd555Mark Andrews terse, and none. "yes" and "no" are retained as
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater synonyms for full and terse, respectively. [RT #29165]
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater3500. [security] Support NAPTR regular expression validation on
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater all platforms without using libregex, which
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater can be vulnerable to memory exhaustion attack
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater (CVE-2013-2266). [RT #32688]
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater3499. [doc] Corrected ARM documentation of built-in zones.
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater3498. [bug] zone statistics for zones which matched a potential
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater empty zone could have their zone-statistics setting
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews3497. [func] When deleting a slave/stub zone using 'rndc delzone'
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews report the files that were being used so they can
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews be cleaned up if desired. [RT #27899]
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews3496. [placeholder]
6e26c3b13483e042e44d213bc9995957720e5e15Automatic Updater3495. [func] Support multiple response-policy zones (up to 32),
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater while improving RPZ performance. "response-policy"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User syntax now includes a "min-ns-dots" clause, with
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater default 1, to exclude top-level domains from
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User NSIP and NSDNAME checking. --enable-rpz-nsip and
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater --enable-rpz-nsdname are now the default. [RT #32251]
8a50411a003d24e8a6e6d4e922a2205c83201038Automatic Updater3494. [func] DNS RRL: Blunt the impact of DNS reflection and
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater amplification attacks by rate-limiting substantially-
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater identical responses. [RT #28130]
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont3493. [contrib] Added BDBHPT dynamically-loadable DLZ module,
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont contributed by Mark Goldfinch. [RT #32549]
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont3492. [bug] Fixed a regression in zone loading performance
4dca64bb8991502db368028aeeba2f832d3b971dAutomatic Updater due to lock contention. [RT #30399]
4dca64bb8991502db368028aeeba2f832d3b971dAutomatic Updater3491. [bug] Slave zones using inline-signing must specify a
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater file name. [RT #31946]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater3490. [bug] When logging RDATA during update, truncate if it's
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater too long. [RT #32365]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater dns_dlzcreate() failed to properly initialize
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User dlzdb.link. When cloning a rdataset do not copy
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User the link contents. [RT #32651]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater3488. [bug] Use after free error with DH generated keys. [RT #32649]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater3487. [bug] Change 3444 was not complete. There was a additional
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater place where the NOQNAME proof needed to be saved.
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater3486. [bug] named could crash when using TKEY-negotiated keys
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater that had been deleted and then recreated. [RT #32506]
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
be46cb4bee9253ee4832340c719920642e00c41aTinderbox User3484. [bug] Some statistics were incorrectly rendered in XML.
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater3483. [placeholder]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3482. [func] dig +nssearch now prints name servers that don't
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater have address records (missing AAAA or A, or the name
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater doesn't exist). [RT #29348]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater3481. [cleanup] Removed use of const const in atf.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3480. [bug] Silence logging noise when setting up zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statistics. [RT #32525]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3479. [bug] Address potential memory leaks in gssapi support
da82e232161d67b77df2d67898bdac693f647be1Automatic Updater code. [RT #32405]
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein3478. [port] Fix a build failure in strict C99 environments
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater3477. [func] Expand logging when adding records via DDNS update
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3476. [bug] "rndc zonestatus" could report a spurious "not
5acd63107041b5b0bed444e2bc29f4bca0c13e28Automatic Updater found" error on inline-signing zones. [RT #29226]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3475. [cleanup] Changed name of 'map' zone file format (previously
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 'fast'). [RT #32458]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater3474. [bug] nsupdate could assert when the local and remote
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address families didn't match. [RT #22897]
af9cf290cea6ada6ce27b51c724ab77ad5d73fa0Tinderbox User3473. [bug] dnssec-signzone/verify could incorrectly report
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater an error condition due to an empty node above an
af9cf290cea6ada6ce27b51c724ab77ad5d73fa0Tinderbox User opt-out delegation lacking an NSEC3. [RT #32072]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater3472. [bug] The active-connections counter in the socket
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater statistics could underflow. [RT #31747]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater3471. [bug] The number of UDP dispatches now defaults to
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater the number of CPUs even if -n has been set to
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater a higher value. [RT #30964]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater3470. [bug] Slave zones could fail to dump when successfully
4104e236f71eb5108fcfda6711878a97f6f4a8e7Automatic Updater refreshing after an initial failure. [RT #31276]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3469. [bug] Handle DLZ lookup failures more gracefully. Improve
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater backward compatibility between versions of DLZ dlopen
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater API. [RT #32275]
af9cf290cea6ada6ce27b51c724ab77ad5d73fa0Tinderbox User3468. [security] RPZ rules to generate A records (but not AAAA records)
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater could trigger an assertion failure when used in
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater conjunction with DNS64 (CVE-2012-5689). [RT #32141]
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater3467. [bug] Added checks in dnssec-keygen and dnssec-settime
af9cf290cea6ada6ce27b51c724ab77ad5d73fa0Tinderbox User to check for delete date < inactive date. [RT #31719]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater in DLZ example driver. [RT #32275]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater3465. [bug] Handle isolated reserved ports. [RT #31778]
f8a9a38ee40c139a8d145ac76ecbff3a0f986453Mark Andrews3464. [maint] Updates to PKCS#11 openssl patches, supporting
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater3462. [doc] Clarify server selection behavior of dig when using
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User -4 or -6 options. [RT #32181]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3461. [bug] Negative responses could incorrectly have AD=1
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User set. [RT #32237]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3460. [bug] Only link against readline where needed. [RT #29810]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3459. [func] Added -J option to named-checkzone/named-compilezone
bea3208b417a0700bd524807082875b7d09585e4Automatic Updater to specify the path to the journal file. [RT #30958]
bea3208b417a0700bd524807082875b7d09585e4Automatic Updater3458. [bug] Return FORMERR when presented with a overly long
9d9d2b1450380caab764a1254c1687f0613fc94aAutomatic Updater domain named in a request. [RT #29682]
bea3208b417a0700bd524807082875b7d09585e4Automatic Updater3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
e85565067cf73f8cc21ee29b11761659f1d47ee9Automatic Updater3456. [port] g++47: ATF failed to compile. [RT #32012]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews3455. [contrib] queryperf: fix getopt option list. [RT #32338]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews3454. [port] sparc64: improve atomic support. [RT #25182]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;'
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews failed. [RT #31960]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews3452. [bug] Accept duplicate singleton records. [RT #32329]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews3451. [port] Increase per thread stack size from 64K to 1M.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews3450. [bug] Stop logfileconfig system test spam system logs.
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3449. [bug] gen.c: use the pre-processor to construct format
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User strings so that compiler can perform sanity checks;
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater check the snprintf results. [RT #17576]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3448. [bug] The allow-query-on ACL was not processed correctly.
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3447. [port] Add support for libxml2-2.9.x [RT #32231]
8c9c79e5fea0cb698026a74821695907c8312a46Mark Andrews3446. [port] win32: Add source ID (see change #3400) to build.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3445. [bug] Warn about zone files with blank owner names
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User immediately after $ORIGIN directives. [RT #31848]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3444. [bug] The NOQNAME proof was not being returned from cached
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater insecure responses. [RT #21409]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater rejected when generating keys. [RT #31927]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3442. [port] Net::DNS 0.69 introduced a non backwards compatible
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater change. [RT #32216]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3440. [bug] Reorder get_key_struct to not trigger a assertion when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater cleaning up due to out of memory error. [RT #32131]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3439. [placeholder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater buffers with constant data. [RT #32064]
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User3436. [bug] Check malloc/calloc return values. [RT #32088]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3435. [bug] Cross compilation support in configure was broken.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3434. [bug] Pass client info to the DLZ findzone() entry
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater point in addition to lookup(). This makes it
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater possible for a database to answer differently
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater whether it's authoritative for a name depending
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater on the address of the client. [RT #31775]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3433. [bug] dlz_findzone() did not correctly handle
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ISC_R_NOMORE. [RT #31172]
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User3432. [func] Multiple DLZ databases can now be configured.
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User DLZ databases are searched in the order configured,
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater unless set to "search no", in which case a
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater zone can be configured to be retrieved from a
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User particular DLZ database by using a "dlz <name>"
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater option in the zone statement. DLZ databases can
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater support type "master" and "redirect" zones.
06795359e2bc153a46f9f2f793a732b0e508f61dAutomatic Updater3431. [bug] ddns-confgen: Some valid key algorithms were
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater not accepted. [RT #31927]
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater3430. [bug] win32: isc_time_formatISO8601 was missing the
5e1503eb9464c2284bb782228d4c315087a2415fAutomatic Updater 'T' between the date and time. [RT #32044]
5e1503eb9464c2284bb782228d4c315087a2415fAutomatic Updater3429. [bug] dns_zone_getserial2 could a return success without
08d53af7d51409036462fa80fb1bde7a8c2ac123Automatic Updater returning a valid serial. [RT #32007]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3428. [cleanup] dig: Add timezone to date output. [RT #2269]
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater3427. [bug] dig +trace incorrectly displayed name server
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater addresses instead of names. [RT #31641]
07d9d0dbcc0c79deb3c34f4a8af05ac68a6800e4Mark Andrews3426. [bug] dnssec-checkds: Clearer output when records are not
07d9d0dbcc0c79deb3c34f4a8af05ac68a6800e4Mark Andrews found. [RT #31968]
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater3425. [bug] "acacheentry" reference counting was broken resulting
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater in use after free. [RT #31908]
e2e3f655d133f08056c9035412d4c013aab234e7Automatic Updater3424. [func] dnssec-dsfromkey now emits the hash without spaces.
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater3423. [bug] "rndc signing -nsec3param" didn't accept the full
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater range of possible values. Address portability issues.
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater3422. [bug] Added a clear error message for when the SOA does not
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater match the referral. [RT #31281]
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater3421. [bug] Named loops when re-signing if all keys are offline.
e2e3f655d133f08056c9035412d4c013aab234e7Automatic Updater3420. [bug] Address VPATH compilation issues. [RT #31879]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3419. [bug] Memory leak on validation cancel. [RT #31869]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3418. [func] New XML schema (version 3.0) for the statistics channel
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington adds query type statistics at the zone level, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington flattens the XML tree and uses compressed format to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater optimize parsing. Includes new XSL that permits
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater charting via the Google Charts API on browsers that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater support javascript in XSL. The old XML schema has been
d6e92dd079e8591b59548685b80c971481549cebAutomatic Updater deprecated. [RT #30023]
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater3417. [placeholder]
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater3416. [bug] Named could die on shutdown if running with 128 UDP
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater dispatches per interface. [RT #31743]
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater3415. [bug] named could die with a REQUIRE failure if a validation
792b362aef91cab66c7075ad89b86194b6312d8bScott Mann was canceled. [RT #31804]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3414. [bug] Address locking issues found by Coverity. [RT #31626]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3413. [func] Record the number of DNS64 AAAA RRsets that have been
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater synthesized. [RT #27636]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3412. [bug] Copy timeval structure from control message data.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to UDP. [RT #31690]
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater3410. [bug] Addressed Coverity warnings. [RT #31626]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
d04fe0d954df649d763640642cb5a456ae1c63a3Automatic Updater from X.509 certificates, for use with DANE
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater (DNS-based Authentication of Named Entities).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3408. [bug] Some DNSSEC-related options (update-check-ksk,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater are now legal in slave zones as long as
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater inline-signing is in use. [RT #31078]
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater3407. [placeholder]
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater3406. [bug] mem.c: Fix compilation errors when building with
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater3405. [bug] Handle time going backwards in acache. [RT #31253]
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater3404. [bug] dnssec-signzone: When re-signing a zone, remove
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater RRSIG and NSEC records from nodes that used to be
79242b4b2baccf73f007645983fccad02747af13Automatic Updater in-zone but are now below a zone cut. [RT #31556]
da82e232161d67b77df2d67898bdac693f647be1Automatic Updater3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater3402. [test] The IPv6 interface numbers used for system
da82e232161d67b77df2d67898bdac693f647be1Automatic Updater tests were incorrect on some platforms. [RT #25085]
0c7657e9302e7f9a8fe4f32fe561dc7e7e7ee6b5Automatic Updater3401. [bug] Addressed Coverity warnings. [RT #31484]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3400. [cleanup] "named -V" can now report a source ID string, defined
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater in the "srcid" file in the build tree and normally set
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater to the most recent git hash. [RT #31494]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater3399. [port] netbsd: rename 'bool' parameter to avoid namespace
0c7657e9302e7f9a8fe4f32fe561dc7e7e7ee6b5Automatic Updater clash. [RT #31515]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3398. [bug] SOA parameters were not being updated with inline
6fc390240332153d907b1e295e491d3a434262baAutomatic Updater signed zones if the zone was modified while the
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User server was offline. [RT #29272]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater3396. [bug] OPT records were incorrectly removed from signed,
55f7099aade5630f3b10b5f007536c60e80cced2Automatic Updater truncated responses. [RT #31439]
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1Automatic Updater list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater3394. [bug] Adjust 'successfully validated after lower casing
55f7099aade5630f3b10b5f007536c60e80cced2Automatic Updater signer' log level and category. [RT #31414]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3393. [bug] 'host -C' could core dump if REFUSED was received.
9ee40883ee29fa1b2d0fa30f223053360e27d1cbAutomatic Updater3392. [func] Keep statistics on REFUSED responses. [RT #31412]
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater3390. [bug] Silence clang compiler warnings. [RT #30417]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater3388. [bug] Fixed several Coverity warnings.
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater Note: This change includes a fix for a bug that
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater was subsequently determined to be an exploitable
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater security vulnerability, CVE-2012-5688: named could
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater die on specific queries with dns64 enabled.
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater3387. [func] DS digest can be disabled at runtime with
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User disable-ds-digests. [RT #21581]
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater3386. [bug] Address locking violation when generating new NSEC /
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater NSEC3 chains. [RT #31224]
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater3385. [bug] named-checkconf didn't detect missing master lists
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater in also-notify clauses. [RT #30810]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3384. [bug] Improved logging of crypto errors. [RT #30963]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3383. [security] A certain combination of records in the RBT could
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater cause named to hang while populating the additional
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater section of a response. [RT #31090]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3382. [bug] SOA query from slave used use-v6-udp-ports range,
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater if set, regardless of the address family in use.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3381. [contrib] Update queryperf to support more RR types.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3380. [bug] named could die if a nonexistent master list was
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater referenced in a also-notify. [RT #31004]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3379. [bug] isc_interval_zero and isc_time_epoch should be
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "const (type)* const". [RT #31069]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3378. [bug] Handle missing 'managed-keys-directory' better.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater3377. [bug] Removed spurious newline from NSEC3 multiline
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater output. [RT #31044]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3376. [bug] Lack of EDNS support was being recorded without a
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater successful response. [RT #30811]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808]
19dbf2e20df03f2b81ed1f347e27718084374059Automatic Updater3374. [bug] isc_parse_uint32 failed to return a range error on
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater systems with 64 bit longs. [RT #30232]
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater3373. [bug] win32: open raw files in binary mode. [RT #30944]
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater3372. [bug] Silence spurious "deleted from unreachable cache"
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater messages. [RT #30501]
a6e1f63f50af688610ebd2521ba7f028767b51f3Mark Andrews3371. [bug] AD=1 should behave like DO=1 when deciding whether to
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater add NS RRsets to the additional section or not.
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater3370. [bug] Address use after free while shutting down. [RT #30241]
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater3369. [bug] nsupdate terminated unexpectedly in interactive mode
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater if built with readline support. [RT #29550]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater3368. [bug] <dns/iptable.h>, <dns/private.h> and <dns/zone.h>
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater were not C++ safe.
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater3367. [bug] dns_dnsseckey_create() result was not being checked.
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater3366. [bug] Fixed Read-After-Write dependency violation for IA64
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater atomic operations. [RT #25181]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3365. [bug] Removed spurious newlines from log messages in
da82e232161d67b77df2d67898bdac693f647be1Automatic Updater3364. [security] Named could die on specially crafted record.
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3363. [bug] Need to allow "forward" and "fowarders" options
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User in static-stub zones; this had been overlooked.
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater3362. [bug] Setting some option values to 0 in named.conf
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater could trigger an assertion failure on startup.
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater3361. [bug] "rndc signing -nsec3param" didn't work correctly
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater when salt was set to '-' (no salt). [RT #30099]
cbb14fdb1f8eeab80c47205609b10a9969ab1df1Mark Andrews3360. [bug] 'host -w' could die. [RT #18723]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater3359. [bug] An improperly-formed TSIG secret could cause a
b86a75e3ade957c80316e03e148a6969fc3179b9Automatic Updater memory leak. [RT #30607]
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater3358. [placeholder]
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3357. [port] Add support for libxml2-2.8.x [RT #30440]
5645e0c82a55b05abb975bd91b9566823dc5efb0Evan Hunt3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
5645e0c82a55b05abb975bd91b9566823dc5efb0Evan Hunt approaching their expiry, so they don't remain
5645e0c82a55b05abb975bd91b9566823dc5efb0Evan Hunt in caches after expiry. [RT #26429]
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3355. [port] Use more portable awk in verify system test.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3354. [func] Improve OpenSSL error logging. [RT #29932]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3353. [bug] Use a single task for task exclusive operations.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3352. [bug] Ensure that learned server attributes timeout of the
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews adb cache. [RT #29856]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews memory debugging flags are set. [RT #30243]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3350. [bug] Memory read overrun in isc___mem_reallocate if
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews ISC_MEM_DEBUGCTX memory debugging flag is set.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3349. [bug] Change #3345 was incomplete. [RT #30233]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3348. [bug] Prevent RRSIG data from being cached if a negative
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews record matching the covering type exists at a higher
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews trust level. Such data already can't be retrieved from
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews the cache since change 3218 -- this prevents it
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews being inserted into the cache as well. [RT #26809]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews3347. [bug] dnssec-settime: Issue a warning when writing a new
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater private key file would cause a change in the
7a2a1b8b14fc804ac80612d7b98064095e445be5Automatic Updater permissions of the existing file. [RT #27724]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater3346. [security] Bad-cache data could be used before it was
7a2a1b8b14fc804ac80612d7b98064095e445be5Automatic Updater initialized, causing an assert. [RT #30025]
f8b9948a4116226ac41b5509cca152849006c66cAutomatic Updater3345. [bug] Addressed race condition when removing the last item
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater or inserting the first item in an ISC_QUEUE.
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater3344. [func] New "dnssec-checkds" command checks a zone to
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater determine which DS records should be published
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater in the parent zone, or which DLV records should be
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater published in a DLV zone, and queries the DNS to
4d813066e967a36c407ee641155ada0c614d4dc6Automatic Updater ensure that it exists. (Note: This tool depends
47ff70af9e842bf0f69d209433995216f560fe4aAutomatic Updater on python; it will not be built or installed on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater systems that do not have a python interpreter.)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3343. [placeholder]
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews3342. [bug] Change #3314 broke saving of stub zones to disk
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater resulting in excessive cpu usage in some cases.
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3341. [func] New "dnssec-verify" command checks a signed zone
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater to ensure correctness of signatures and of NSEC/NSEC3
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater chains. [RT #23673]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3340. [func] Added new 'map' zone file format, which is an image
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater of a zone database that can be loaded directly into
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater memory via mmap(), allowing much faster zone loading.
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater (Note: Because of pointer sizes and other
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater considerations, this file format is platform-dependent;
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater 'map' zone files cannot always be transferred from one
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater server to another.) [RT #25419]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3339. [func] Allow the maximum supported rsa exponent size to be
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater specified: "max-rsa-exponent-size <value>;" [RT #29228]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3338. [bug] Address race condition in units tests: asyncload_zone
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater and asyncload_zt. [RT #26100]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3337. [bug] Change #3294 broke support for the multiple keys
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater in controls. [RT #29694]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3336. [func] Maintain statistics for RRsets tagged as "stale".
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3335. [func] nslookup: return a nonzero exit code when unable
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater to get an answer. [RT #29492]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater3334. [bug] Hold a zone table reference while performing a
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater asynchronous load of a zone. [RT #28326]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3333. [bug] Setting resolver-query-timeout too low can cause
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User named to not recover if it loses connectivity.
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3331. [security] dns_rdataslab_fromrdataset could produce bad
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User rdataslabs. [RT #29644]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3330. [func] Fix missing signatures on NOERROR results despite
059cd1994d4ac5c1b967ce777d2c7409dc829a42Tinderbox User RPZ rewriting. Also
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User - add optional "recursive-only yes|no" to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater response-policy statement
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews - add optional "max-policy-ttl" to the response-policy
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement to limit the false data that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "recursive-only no" can introduce into
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolvers' caches
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater - add a RPZ performance test to bin/tests/system/rpz
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater when queryperf is available.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - the encoding of PASSTHRU action to "rpz-passthru".
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (The old encoding is still accepted.)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3329. [bug] Handle RRSIG signer-name case consistently: We
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington generate RRSIG records with the signer-name in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lower case. We accept them with any case, but if
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater they fail to validate, we try again in lower case.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3328. [bug] Fixed inconsistent data checking in dst_parse.c.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3327. [func] Added 'filter-aaaa-on-v6' option; this is similar
06795359e2bc153a46f9f2f793a732b0e508f61dAutomatic Updater to 'filter-aaaa-on-v4' but applies to IPv6
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater connections. (Use "configure --enable-filter-aaaa"
94d0b4bd411a66a2c5a7ebc8722579a59cf9640bAutomatic Updater to enable this option.) [RT #27308]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater3326. [func] Added task list statistics: task model, worker
94d0b4bd411a66a2c5a7ebc8722579a59cf9640bAutomatic Updater threads, quantum, tasks running, tasks ready.
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater3325. [func] Report cache statistics: memory use, number of
94d0b4bd411a66a2c5a7ebc8722579a59cf9640bAutomatic Updater nodes, number of hash buckets, hit and miss counts.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3324. [test] Add better tests for ADB stats [RT #27057]
879391501ee0ffba072433120bf1baa4087f8899Automatic Updater3323. [func] Report the number of buckets the resolver is using.
879391501ee0ffba072433120bf1baa4087f8899Automatic Updater3322. [func] Monitor the number of active TCP and UDP dispatches.
8f536463f9fdfa7da6a8310e4f4895373beb2961Mark Andrews3321. [func] Monitor the number of recursive fetches and the
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater number of open sockets, and report these values in
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater the statistics channel. [RT #27054]
da82e232161d67b77df2d67898bdac693f647be1Automatic Updater3320. [func] Added support for monitoring of recursing client
ace530234c82bbfcd03bbfd4ba6c6a04293d497fMark Andrews count. [RT #27009]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3319. [func] Added support for monitoring of ADB entry count and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hash size. [RT #27057]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3318. [tuning] Reduce the amount of work performed while holding a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater bucket lock when finished with a fetch context.
dfd613f037c1385db661f17e086d34ea57fea9b0Automatic Updater3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
dfd613f037c1385db661f17e086d34ea57fea9b0Automatic Updater3316. [tuning] Improved locking performance when recursing.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3315. [tuning] Use multiple dispatch objects for sending upstream
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington queries; this can improve performance on busy
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington multiprocessor systems by reducing lock contention.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater3314. [bug] The masters list could be updated while stub_callback
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater or refresh_callback were using it. [RT #26732]
63654fea53d6a58a65112234bc8d0c322e0c81b5Automatic Updater3313. [protocol] Add TLSA record type. [RT #28989]
d630ef2ff74445949a482660938e9fa9da52ca14Automatic Updater3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3311. [bug] Abort the zone dump if zone->db is NULL in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone.c:zone_gotwritehandle. [RT #29028]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3310. [test] Increase table size for mutex profiling. [RT #28809]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater3309. [bug] resolver.c:fctx_finddone() was not thread safe.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3308. [placeholder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3305. [func] Add wire format lookup method to sdb. [RT #28563]
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3303. [bug] named could die when reloading. [RT #28606]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3302. [bug] dns_dnssec_findmatchingkeys could fail to find
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater keys if the zone name contained character that
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater required special mappings. [RT #28600]
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater3301. [contrib] Update queryperf to build on darwin. Add -R flag
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater for non-recursive queries. [RT #28565]
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater3300. [bug] Named could die if gssapi was enabled in named.conf
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User but was not compiled in. [RT #28338]
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3299. [bug] Make SDB handle errors from database drivers better.
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3298. [bug] Named could dereference a NULL pointer in
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater zmgr_start_xfrin_ifquota if the zone was being removed.
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3297. [bug] Named could die on a malformed master file. [RT #28467]
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater3296. [bug] Named could die with a INSIST failure in
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater client.c:exit_check. [RT #28346]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3295. [bug] Adjust isc_time_secondsastimet range check to be more
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater portable. [RT # 26542]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater error. [RT #28265]
24e0e8d17df315d5d494ca933874e545eadce773Automatic Updater3293. [func] nsupdate: list supported type. [RT #28261]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3292. [func] Log messages in the axfr stream at debug 10.
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3291. [port] Fixed a build error on systems without ENOTSUP.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036]
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater3288. [bug] dlz_destroy() function wasn't correctly registered
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater by the DLZ dlopen driver. [RT #28056]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3286. [bug] Managed key maintenance timer could fail to start
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater after 'rndc reconfig'. [RT #26786]
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3285. [bug] val-frdataset was incorrectly disassociated in
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater proveunsecure after calling startfinddlvsep.
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater3284. [bug] Address race conditions with the handling of
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater3283. [bug] Raw zones with with more than 512 records in a RRset
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater failed to load. [RT #27863]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater3282. [bug] Restrict the TTL of NS RRset to no more than that
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater of the old NS RRset when replacing it.
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater [RT #27792] [RT #27884]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater3281. [bug] SOA refresh queries could be treated as cancelled
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater despite succeeding over the loopback interface.
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater3280. [bug] Potential double free of a rdataset on out of memory
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater with DNS64. [RT #27762]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater3279. [bug] Hold a internal reference to the zone while performing
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater a asynchronous load. Address potential memory leak
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater if the asynchronous is cancelled. [RT #27750]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater3278. [bug] Make sure automatic key maintenance is started
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater when "auto-dnssec maintain" is turned on during
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater "rndc reconfig". [RT #26805]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater3277. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater3276. [bug] win32: ns_os_openfile failed to return NULL on
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater safe_open failure. [RT #27696]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater3275. [bug] Corrected rndc -h output; the 'rndc sync -clean'
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater option had been misspelled as '-clear'. (To avoid
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater future confusion, both options now work.) [RT #27173]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater3274. [placeholder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3273. [bug] AAAA responses could be returned in the additional
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington section even when filter-aaaa-on-v4 was in use.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3272. [func] New "rndc zonestatus" command prints information
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater about the specified zone. [RT #21671]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater3271. [port] darwin: mksymtbl is not always stable, loop several
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews times before giving up. mksymtbl was using non
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater portable perl to covert 64 bit hex strings. [RT #27653]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews --- 9.9.0rc2 released ---
4d95e549ed8f84373e5eb7346a0c7ab7f3b0e9a8Automatic Updater3270. [bug] "rndc reload" didn't reuse existing zones correctly
6fab60452ed15c1039aee974a32d692d07eda4d2Automatic Updater when inline-signing was in use. [RT #27650]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews3269. [port] darwin 11 and later now built threaded by default.
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews out the earliest expiry time. [RT #23311]
71ba75c604df3604673232828a68bb28c420e698Mark Andrews3267. [bug] Memory allocation failures could be mis-reported as
71ba75c604df3604673232828a68bb28c420e698Mark Andrews unexpected error. New ISC_R_UNSET result code.
dfd613f037c1385db661f17e086d34ea57fea9b0Automatic Updater3266. [bug] The maximum number of NSEC3 iterations for a
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater DNSKEY RRset was not being properly computed.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3265. [bug] Corrected a problem with lock ordering in the
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater inline-signing code. [RT #27557]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3264. [bug] Automatic regeneration of signatures in an
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater inline-signing zone could stall when the server
56334ccb2d4b5a04fc12b70b5852049db5d24088Evan Hunt was restarted. [RT #27344]
56334ccb2d4b5a04fc12b70b5852049db5d24088Evan Hunt3263. [bug] "rndc sync" did not affect the unsigned side of an
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater inline-signing zone. [RT #27337]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater3262. [bug] Signed responses were handled incorrectly by RPZ.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3261. [func] RRset ordering now defaults to random. [RT #27174]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3260. [bug] "rrset-order cyclic" could appear not to rotate
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater for some query patterns. [RT #27170/27185]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson --- 9.9.0rc1 released ---
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater3259. [bug] named-compilezone: Suppress "dump zone to <file>"
3a9593055ead76cbbb417aee2d2e656c2c92cf46Automatic Updater message when writing to stdout. [RT #27109]
3a9593055ead76cbbb417aee2d2e656c2c92cf46Automatic Updater3258. [test] Add "forcing full sign with unreadable keys" test.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3257. [bug] Do not generate a error message when calling fsync()
a8a1d4629ed697be4b0c0bb96b3c59d494450eedAutomatic Updater in a pipe or socket. [RT #27109]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson3255. [func] No longer require that a empty zones be explicitly
3a9593055ead76cbbb417aee2d2e656c2c92cf46Automatic Updater enabled or that a empty zone is disabled for
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater RFC 1918 empty zones to be configured. [RT #27139]
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater too long. [RT #26956]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3252. [bug] When master zones using inline-signing were
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater updated while the server was offline, the source
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone could fall out of sync with the signed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater copy. They can now resynchronize. [RT #26676]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
0ece47f7c1cf03718726d9dff183b02fa35115e6Mark Andrews memory dns_sdlz_putrr() can allocate per record to
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews prevent run away memory consumption on ISC_R_NOSPACE.
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews3250. [func] 'configure --enable-developer'; turn on various
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews configure options, normally off by default, that
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews we want developers to build and test with. [RT #27103]
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews3249. [bug] Update log message when saving slave zones files for
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater analysis after load failures. [RT #27087]
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater3248. [bug] Configure options --enable-fixed-rrset and
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater --enable-exportlib were incompatible with each
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews other. [RT #27087]
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater3247. [bug] 'raw' format zones failed to preserve load order
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews breaking 'fixed' sort order. [RT #27087]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3246. [bug] Named failed to start with a empty also-notify list.
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater3245. [bug] Don't report a error unchanged serials unless there
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater were other changes when thawing a zone with
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater ixfr-fromdifferences. [RT #26845]
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater3244. [func] Added readline support to nslookup and nsupdate.
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater Also simplified nsupdate syntax to make "update"
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater and "prereq" optional. [RT #24659]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews3243. [port] freebsd,netbsd,bsdi: the thread defaults were not
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews being properly set.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews3242. [func] Extended the header of raw-format master files to
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews include the serial number of the zone from which
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews they were generated, if different (as in the case
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews of inline-signing zones). This is to be used in
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews inline-signing zones, to track changes between the
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews unsigned and signed versions of the zone, which may
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews have different serial numbers.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater (Note: raw zonefiles generated by this version of
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater BIND are no longer compatible with prior versions.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater To generate a backward-compatible raw zonefile
24bf1e02f03577db0feb50b80238c4150c96d05dAutomatic Updater using dnssec-signzone or named-compilezone, specify
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User output format "raw=0" instead of simply "raw".)
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater3241. [bug] Address race conditions in the resolver code.
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater3240. [bug] DNSKEY state change events could be missed. [RT #26874]
2ec4ab21838e218863d052ebfa3e106e04f50820Evan Hunt3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews timestamp. [RT #26883]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3238. [bug] keyrdata was not being reinitialized in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews lib/dns/rbtdb.c:iszonesecure. [RT#26913]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3237. [bug] dig -6 didn't work with +trace. [RT #26906]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3236. [bug] Backed out changes #3182 and #3202, related to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews EDNS(0) fallback behavior. [RT #26416]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3235. [func] dns_db_diffx, a extended dns_db_diff which returns
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the generated diff and optionally writes it to a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews journal. [RT #26386]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3233. [bug] 'rndc freeze/thaw' didn't work for inline zones.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3232. [bug] Zero zone->curmaster before return in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews dns_zone_setmasterswithkeys(). [RT #26732]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3231. [bug] named could fail to send a incompressible zone.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3230. [bug] 'dig axfr' failed to properly handle a multi-message
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews axfr with a serial of 0. [RT #26796]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3229. [bug] Fix local variable to struct var assignment
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews found by CLANG warning.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3228. [tuning] Dynamically grow symbol table to improve zone
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews loading performance. [RT #26523]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3227. [bug] Interim fix to make WKS's use of getprotobyname()
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and getservbyname() self thread safe. [RT #26232]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3226. [bug] Address minor resource leakages. [RT #26624]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3225. [bug] Silence spurious "setsockopt(517, IPV6_V6ONLY) failed"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews messages. [RT #26507]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3223. [bug] 'task_test privilege_drop' generated false positives.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3222. [cleanup] Replace dns_journal_{get,set}_bitws with
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews dns_journal_{get,set}_sourceserial. [RT #26634]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3221. [bug] Fixed a potential core dump on shutdown due to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews referencing fetch context after it's been freed.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews --- 9.9.0b2 released ---
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews could fail to set the database version correctly,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews causing an assertion failure. [RT #26180]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3219. [bug] Disable NOEDNS caching following a timeout.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3218. [security] Cache lookup could return RRSIG data associated with
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews nonexistent records, leading to an assertion
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews failure. [RT #26590]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3215. [bug] 'rndc recursing' could cause a core dump. [RT #26495]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3214. [func] Add 'named -U' option to set the number of UDP
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews listener threads per interface. [RT #26485]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews list prior to adding a reference to it leading a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews possible assertion failure. [RT #23219]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews option prints in single-line-per-record format.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3210. [bug] Canceling the oldest query due to recursive-client
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews overload could trigger an assertion failure. [RT #26463]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3208. [bug] 'dig -y' handle unknown tsig algorithm better.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3206. [cleanup] Add ISC information to log at start time. [RT #25484]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3205. [func] Upgrade dig's defaults to better reflect modern
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews nameserver behavior. Enable "dig +adflag" and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews "dig +edns=0" by default. Enable "+dnssec" when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews running "dig +trace". [RT #23497]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3204. [bug] When a master server that has been marked as
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unreachable sends a NOTIFY, mark it reachable
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews again. [RT #25960]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3203. [bug] Increase log level to 'info' for validation failures
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews from expired or not-yet-valid RRSIGs. [RT #21796]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3202. [bug] NOEDNS caching on timeout was too aggressive.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3201. [func] 'rndc querylog' can now be given an on/off parameter
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews instead of only being used as a toggle. [RT #18351]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3200. [doc] Some rndc functions were undocumented or were
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews missing from 'rndc -h' output. [RT #25555]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3199. [func] When logging client information, include the name
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews being queried. [RT #25944]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3198. [doc] Clarified that dnssec-settime can alter keyfile
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews permissions. [RT #24866]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3197. [bug] Don't try to log the filename and line number when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the config parser can't open a file. [RT #22263]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3196. [bug] nsupdate: return nonzero exit code when target zone
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews doesn't exist. [RT #25783]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3195. [cleanup] Silence "file not found" warnings when loading
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews managed-keys zone. [RT #26340]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3194. [doc] Updated RFC references in the 'empty-zones-enable'
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews documentation. [RT #25203]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3192. [bug] A query structure could be used after being freed.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3191. [bug] Print NULL records using "unknown" format. [RT #26392]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3190. [bug] Underflow in error handling in isc_mutexblock_init.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3189. [test] Added a summary report after system tests. [RT #25517]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3188. [bug] zone.c:zone_refreshkeys() could fail to detach
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews references correctly when errors occurred, causing
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a hang on shutdown. [RT #26372]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3187. [port] win32: support for Visual Studio 2008. [RT #26356]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews --- 9.9.0b1 released ---
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3186. [bug] Version/db mis-match in rpz code. [RT #26180]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3185. [func] New 'rndc signing' option for auto-dnssec zones:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - 'rndc signing -list' displays the current
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews state of signing operations
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - 'rndc signing -clear' clears the signing state
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews records for keys that have fully signed the zone
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews - 'rndc signing -nsec3param' sets the NSEC3
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews parameters for the zone
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The 'rndc keydone' syntax is removed. [RT #23729]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3184. [bug] named had excessive cpu usage when a redirect zone was
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configured. [RT #26013]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3182. [bug] Auth servers behind firewalls which block packets
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews greater than 512 bytes may cause other servers to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews perform poorly. Now, adb retains edns information
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and caches noedns servers. [RT #23392/24964]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3181. [func] Inline-signing is now supported for master zones.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3180. [func] Local copies of slave zones are now saved in raw
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews format by default, to improve startup performance.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews 'masterfile-format text;' can be used to override
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the default, if desired. [RT #25867]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3179. [port] kfreebsd: build issues. [RT #26273]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews3178. [bug] A race condition introduced by change #3163 could
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews cause an assertion failure on shutdown. [RT #26271]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3177. [func] 'rndc keydone', remove the indicator record that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater named has finished signing the zone with the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews corresponding key. [RT #26206]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3176. [doc] Corrected example code and added a README to the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews sample external DLZ module in contrib/dlz/example.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3175. [bug] Fix how DNSSEC positive wildcard responses from a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews NSEC3 signed zone are validated. Stop sending a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews unnecessary NSEC3 record when generating such
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews responses. [RT #26200]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3174. [bug] Always compute to revoked key tag from scratch.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3173. [port] Correctly validate root DS responses. [RT #25726]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3172. [port] darwin 10.* and freebsd [89] are now built threaded by
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews3171. [bug] Exclusively lock the task when adding a zone using
35bc7055d1b9b816e68a4180d46a49963e45c233Automatic Updater 'rndc addzone'. [RT #25600]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews --- 9.9.0a3 released ---
78cb74fab4665da2e2641ba909c6f59f74cc4193Automatic Updater3170. [func] RPZ update:
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater - fix precedence among competing rules
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater - improve ARM text including documenting rule precedence
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater - try to rewrite CNAME chains until first hit
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater - new "rpz" logging channel
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater - RDATA for CNAME rules can include wildcards
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater - replace "NO-OP" named.conf policy override with
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater "PASSTHRU" and add "DISABLED" override ("NO-OP"
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater is still recognized)
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater3169. [func] Catch db/version mis-matches when calling dns_db_*().
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater3168. [bug] Nxdomain redirection could trigger an assert with
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater a ANY query. [RT #26017]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3167. [bug] Negative answers from forwarders were not being
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson correctly tagged making them appear to not be cached.
66d24a46538c7c2d29fdb5611ab1173e83685b1dTinderbox User3166. [bug] Upgrading a zone to support inline-signing failed.
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews3165. [bug] dnssec-signzone could generate new signatures when
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews resigning, even when valid signatures were already
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews present. [RT #26025]
94df856897945fe58f130ba78765c57308bc5400Automatic Updater3164. [func] Enable DLZ modules to retrieve client information,
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews so that responses can be changed depending on the
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater source address of the query. [RT #25768]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater3163. [bug] Use finer-grained locking in client.c to address
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater concurrency problems with large numbers of threads.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3162. [test] start.pl: modified to allow for "named.args" in
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews ns*/ subdirectory to override stock arguments to
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater named. Largely from RT#26044, but no separate ticket.
da93950363b307b718d156514b95b9df93a63776Mark Andrews3161. [bug] zone.c:del_sigs failed to always reset rdata leading
35bc7055d1b9b816e68a4180d46a49963e45c233Automatic Updater assertion failures. [RT #25880]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3160. [bug] When printing out a NSEC3 record in multiline form
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater the newline was not being printed causing type codes
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater to be run together. [RT #25873]
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater3159. [bug] On some platforms, named could assert on startup
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic Updater when running in a chrooted environment without
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater /proc. [RT #25863]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3158. [bug] Recursive servers would prefer a particular UDP
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater socket instead of using all available sockets.
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater the config file before pausing the server. [RT #21373]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3156. [placeholder]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater --- 9.9.0a2 released ---
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3155. [bug] Fixed a build failure when using contrib DLZ
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater drivers (e.g., mysql, postgresql, etc). [RT #25710]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3154. [bug] Attempting to print an empty rdataset could trigger
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater an assert. [RT #25452]
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater3153. [func] Extend request-ixfr to zone level and remove the
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater side effect of forcing an AXFR. [RT #25156]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3152. [cleanup] Some versions of gcc and clang failed due to
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater incorrect use of __builtin_expect. [RT #25183]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3151. [bug] Queries for type RRSIG or SIG could be handled
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater incorrectly. [RT #21050]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3150. [func] Improved startup and reconfiguration time by
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater enabling zones to load in multiple threads. [RT #25333]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3149. [placeholder]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3148. [bug] Processing of normal queries could be stalled when
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater forwarding a UPDATE message. [RT #24711]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3147. [func] Initial inline signing support. [RT #23657]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater --- 9.9.0a1 released ---
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3145. [test] Capture output of ATF unit tests in "./atf.out" if
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater there were any errors while running them. [RT #25527]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3144. [bug] dns_dbiterator_seek() could trigger an assert when
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater used with a nonexistent database node. [RT #25358]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3143. [bug] Silence clang compiler warnings. [RT #25174]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3142. [bug] NAPTR is class agnostic. [RT #25429]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3141. [bug] Silence spurious "zone serial (0) unchanged" messages
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater associated with empty zones. [RT #25079]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3140. [func] New command "rndc flushtree <name>" clears the
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater specified name from the server cache along with
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater all names under it. [RT #19970]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater for the hashing algorithms (md5, sha1 - sha512, and
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater their hmac counterparts). [RT #25067]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3138. [bug] Address memory leaks and out-of-order operations when
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater shutting named down. [RT #25210]
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater3137. [func] Improve hardware scalability by allowing multiple
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater worker threads to process incoming UDP packets.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater This can significantly increase query throughput
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater on some systems. [RT #22992]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3136. [func] Add RFC 1918 reverse zones to the list of built-in
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater empty zones switched on by the 'empty-zones-enable'
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater option. [RT #24990]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3134. [bug] Improve the accuracy of dnssec-signzone's signing
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater statistics. [RT #16030]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3133. [bug] Change #3114 was incomplete. [RT #24577]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3132. [placeholder]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3131. [tuning] Improve scalability by allocating one zone task
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater per 100 zones at startup time, rather than using a
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater fixed-size task table. [RT #24406]
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater3130. [func] Support alternate methods for managing a dynamic
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater zone's serial number. Two methods are currently
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater defined using serial-update-method, "increment"
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater (default) and "unixtime". [RT #23849]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3129. [bug] Named could crash on 'rndc reconfig' when
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater allow-new-zones was set to yes and named ACLs
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater were used. [RT #22739]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater3128. [func] Inserting an NSEC3PARAM via dynamic update in an
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater auto-dnssec zone that has not been signed yet
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater will cause it to be signed with the specified NSEC3
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater parameters when keys are activated. The
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater NSEC3PARAM record will not appear in the zone until
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater it is signed, but the parameters will be stored.
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater3127. [bug] 'rndc thaw' will now remove a zone's journal file
0ece47f7c1cf03718726d9dff183b02fa35115e6Mark Andrews if the zone serial number has been changed and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ixfr-from-differences is not in use. [RT #24687]
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3126. [security] Using DNAME record to generate replacements caused
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater RPZ to exit with a assertion failure. [RT #24766]
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3125. [security] Using wildcard CNAME records as a replacement with
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater RPZ caused named to exit with a assertion failure.
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3124. [bug] Use an rdataset attribute flag to indicate
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater negative-cache records rather than using rrtype 0;
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater this will prevent problems when that rrtype is
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater used in actual DNS packets. [RT #24777]
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater3123. [security] Change #2912 exposed a latent flaw in
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews dns_rdataset_totext() that could cause named to
4ea3649f028ea6a1e42377082a7ccf8f789fb950Automatic Updater crash with an assertion failure. [RT #24777]
644973f327e9db74779e7c0426db90909173b284Automatic Updater3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
418cc932318b1d67f88a36904d88d8a5a0a2ba09Automatic Updater3121. [security] An authoritative name server sending a negative
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater response containing a very large RRset could
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater trigger an off-by-one error in the ncache code
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater and crash named. [RT #24650]
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3120. [bug] Named could fail to validate zones listed in a DLV
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater that validated insecure without using DLV and had
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater DS records in the parent zone. [RT #24631]
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3119. [bug] When rolling to a new DNSSEC key, a private-type
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater record could be created and never marked complete.
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3118. [bug] nsupdate could dump core on shutdown when using
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater SIG(0) keys. [RT #24604]
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3117. [cleanup] Remove doc and parser references to the
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater never-implemented 'auto-dnssec create' option.
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater3116. [func] New 'dnssec-update-mode' option controls updates
7349698120e3f6f51162a2fdb5613f9aecbc78c3Automatic Updater of DNSSEC records in signed dynamic zones. Set to
418cc932318b1d67f88a36904d88d8a5a0a2ba09Automatic Updater 'no-resign' to disable automatic RRSIG regeneration
dc11390a658e02e1a03accd4dbe14c94fa9de556Automatic Updater while retaining the ability to sign new or changed
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews data. [RT #24533]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3115. [bug] Named could fail to return requested data when
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews following a CNAME that points into the same zone.
90863a6f9bfb06062c7fdf269bb675e7b674fc31Mark Andrews3114. [bug] Retain expired RRSIGs in dynamic zones if key is
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews inactive and there is no replacement key. [RT #23136]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3113. [doc] Document the relationship between serial-query-rate
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews and NOTIFY messages.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3112. [doc] Add missing descriptions of the update policy name
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews types "ms-self", "ms-subdomain", "krb5-self" and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "krb5-subdomain", which allow machines to update
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews their own records, to the BIND 9 ARM.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3111. [bug] Improved consistency checks for dnssec-enable and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews dnssec-validation, added test cases to the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews checkconf system test. [RT #24398]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3110. [bug] dnssec-signzone: Wrong error message could appear
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews when attempting to sign with no KSK. [RT #24369]
68e1b398b5b1b417723e90b5e52b9148f8f93294Automatic Updater3109. [func] The also-notify option now uses the same syntax
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews as a zone's masters clause. This means it is
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews now possible to specify a TSIG key to use when
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews sending notifies to a given server, or to include
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User an explicit named masters list in an also-notfiy
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews statement. [RT #23508]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3108. [cleanup] dnssec-signzone: Clarified some error and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater code (use -P instead). [RT #20852]
cff0e0b52cf0928123bad6f3bccf56e22bbc07f5Automatic Updater3107. [bug] dnssec-signzone: Report the correct number of ZSKs
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews when using -x. [RT #20852]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3106. [func] When logging client requests, include the name of
872a5b83f68b8058945298715b0fa53442aad52fAutomatic Updater the TSIG key if any. [RT #23619]
bdcada7d31335e05ebca757eb789e57166fb2a02Tinderbox User3105. [bug] GOST support can be suppressed by "configure
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews --without-gost" [RT #24367]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews3104. [bug] Better support for cross-compiling. [RT #24367]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3103. [bug] Configuring 'dnssec-validation auto' in a view
7a2a1b8b14fc804ac80612d7b98064095e445be5Automatic Updater instead of in the options statement could trigger
7a42357217528037bdfedcb17eeebfe96ae4266aAutomatic Updater an assertion failure in named-checkconf. [RT #24382]
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater3102. [func] New 'dnssec-loadkeys-interval' option configures
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews how often, in minutes, to check the key repository
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for updates when using automatic key maintenance.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Default is every 60 minutes (formerly hard-coded
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to 12 hours). [RT #23744]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3101. [bug] Zones using automatic key maintenance could fail
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to check the key repository for updates. [RT #23744]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington3100. [security] Certain response policy zone configurations could
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington trigger an INSIST when receiving a query of type
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User RRSIG. [RT #24280]
cff0e0b52cf0928123bad6f3bccf56e22bbc07f5Automatic Updater3099. [test] "dlz" system test now runs but gives R:SKIPPED if
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater not compiled with --with-dlz-filesystem. [RT #24146]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3098. [bug] DLZ zones were answering without setting the AA bit.
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews3097. [test] Add a tool to test handling of malformed packets.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews3096. [bug] Set KRB5_KTNAME before calling log_cred() in
5f7e0eb1cb917b788906d3e2aa01bfc4885dcae4Mark Andrews dst_gssapi_acceptctx(). [RT #24004]
15ae68f3db8261770fc33b8e0f83f5d8c7021e84Mark Andrews3095. [bug] Handle isolated reserved ports in the port range.
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater3094. [doc] Expand dns64 documentation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3092. [bug] Signatures for records at the zone apex could go
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater stale due to an incorrect timer setting. [RT #23769]
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater3091. [bug] Fixed a bug in which zone keys that were published
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User and then subsequently activated could fail to trigger
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater automatic signing. [RT #22911]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3090. [func] Make --with-gssapi default [RT #23738]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater3089. [func] dnssec-dsfromkey now supports reading keys from
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater standard input "dnssec-dsfromkey -f -". [RT# 20662]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson and add setup.sh in order to resolve changing
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater named.conf issue. [RT #23687]
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater3087. [bug] DDNS updates using SIG(0) with update-policy match
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater type "external" could cause a crash. [RT #23735]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater3086. [bug] Running dnssec-settime -f on an old-style key will
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User now force an update to the new key format even if no
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater other change has been specified, using "-P now -A now"
9c446b72069d0ab9f710502f4d7048e50875fccbAutomatic Updater as default values. [RT #22474]
09091b4f0f69cca36f74a291fa3eb496686aeb1eAutomatic Updater3085. [func] New '-R' option in dnssec-signzone forces removal
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater of signatures which have not yet expired but
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User were generated by a key that no longer exists.
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater3084. [func] A new command "rndc sync" dumps pending changes in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a dynamic zone to disk; "rndc sync -clean" also
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User removes the journal file after syncing. Also,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "rndc freeze" no longer removes journal files.
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User3083. [bug] NOTIFY messages were not being sent when generating
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User a NSEC3 chain incrementally. [RT #23702]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3082. [port] strtok_r is threads only. [RT #23747]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3081. [bug] Failure of DNAME substitution did not return
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User YXDOMAIN. [RT #23591]
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater3079. [bug] Handle isc_event_allocate failures in t_tasks.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater3078. [func] Added a new include file with function typedefs
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater for the DLZ "dlopen" driver. [RT #23629]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater3077. [bug] zone.c:zone_refreshkeys() incorrectly called
572cb2c1c931f6bc6a4a019c103ae88239b0eb96Automatic Updater dns_zone_attach(), use zone->irefs instead. [RT #23303]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater dnssec-keyfromlabel sets the default TTL of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key. When possible, automatic signing will use that
9c446b72069d0ab9f710502f4d7048e50875fccbAutomatic Updater TTL when the key is published. [RT #23304]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater timestamp when determining which keys are active.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3074. [bug] Make the adb cache read through for zone data and
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater glue learn for zone named is authoritative for.
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User3073. [bug] managed-keys changes were not properly being recorded.
478d64f58f5ce7a5e3ea08426d72faca8427c96dAutomatic Updater3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3071. [bug] has_nsec could be used uninitialized in
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater update.c:next_active. [RT #20256]
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3070. [bug] dnssec-signzone potential NULL pointer dereference.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3069. [cleanup] Silence warnings messages from clang static analysis.
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater3068. [bug] Named failed to build with a OpenSSL without engine
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater support. [RT #23473]
8c6328ab5890aa79d84b86ed672e185dc111bb68Automatic Updater3067. [bug] ixfr-from-differences {master|slave}; failed to
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User select the master/slave zones. [RT #23580]
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater3066. [func] The DLZ "dlopen" driver is now built by default,
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater no longer requiring a configure option. To
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater disable it, use "configure --without-dlopen".
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater Driver also supported on win32. [RT #23467]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater3065. [bug] RRSIG could have time stamps too far in the future.
9d9d2b1450380caab764a1254c1687f0613fc94aAutomatic Updater3064. [bug] powerpc: add sync instructions to the end of atomic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater operations. [RT #23469]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
9d9d2b1450380caab764a1254c1687f0613fc94aAutomatic Updater3062. [func] Made several changes to enhance human readability
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User of DNSSEC data in dig output and in generated
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater - DNSKEY record comments are more verbose, no
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater longer used in multiline mode only
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater - multiline RRSIG records reformatted
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater - multiline output mode for NSEC3PARAM records
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - "dig +norrcomments" suppresses DNSKEY comments
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater - "dig +split=X" breaks hex/base64 records into
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater fields of width X; "dig +nosplit" disables this.
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater3061. [func] New option "dnssec-signzone -D", only write out
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater generated DNSSEC records. [RT #22896]
f8b9948a4116226ac41b5509cca152849006c66cAutomatic Updater3060. [func] New option "dnssec-signzone -X <date>" allows
be46cb4bee9253ee4832340c719920642e00c41aTinderbox User specification of a separate expiration date
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User for DNSKEY RRSIGs and other RRSIGs. [RT #22141]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3059. [test] Added a regression test for change #3023.
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater3058. [bug] Cause named to terminate at startup or rndc reconfig/
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User reload to fail, if a log file specified in the conf
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file isn't a plain file. [RT #22771]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3057. [bug] "rndc secroots" would abort after the first error
572cb2c1c931f6bc6a4a019c103ae88239b0eb96Automatic Updater and so could miss some views. [RT #23488]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater3056. [func] Added support for URI resource record. [RT #23386]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3055. [placeholder]
233f603cc1e6dd17b8912796f3fff5cfbbb76c90Automatic Updater3054. [bug] Added elliptic curve support check in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater GOST OpenSSL engine detection. [RT #23485]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater3053. [bug] Under a sustained high query load with a finite
0c4a369f10d0bdfe63caa42bb1913859dd349f21Automatic Updater max-cache-size, it was possible for cache memory
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to be exhausted and not recovered. [RT #23371]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3052. [test] Fixed last autosign test report. [RT #23256]
572cb2c1c931f6bc6a4a019c103ae88239b0eb96Automatic Updater3051. [bug] NS records obscure DNAME records at the bottom of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone if both are present. [RT #23035]
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater3050. [bug] The autosign system test was timing dependent.
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater Wait for the initial autosigning to complete
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater before running the rest of the test. [RT #23035]
f4029eb7463e99df00618de89f0bee5ac062a237Automatic Updater3049. [bug] Save and restore the gid when creating creating
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater named.pid at startup. [RT #23290]
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater3048. [bug] Fully separate view key management. [RT #23419]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3047. [bug] DNSKEY NODATA responses not cached fixed in
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User validator.c. Tests added to dnssec system test.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3046. [bug] Use RRSIG original TTL to compute validated RRset
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater and RRSIG TTL. [RT #23332]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater3045. [removed] Replaced by change #3050.
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User3044. [bug] Hold the socket manager lock while freeing the socket.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3043. [test] Merged in the NetBSD ATF test framework (currently
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater version 0.12) for development of future unit tests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Use configure --with-atf to build ATF internally
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User or configure --with-atf=prefix to use an external
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User copy. [RT #23209]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3042. [bug] dig +trace could fail attempting to use IPv6
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater addresses on systems with only IPv4 connectivity.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3041. [bug] dnssec-signzone failed to generate new signatures on
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User ttl changes. [RT #23330]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3040. [bug] Named failed to validate insecure zones where a node
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with a CNAME existed between the trust anchor and the
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater top of the zone. [RT #23338]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3039. [func] Redirect on NXDOMAIN support. [RT #23146]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3038. [bug] Install <dns/rpz.h>. [RT #23342]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3037. [doc] Update COPYRIGHT to contain all the individual
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater copyright notices that cover various parts.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3036. [bug] Check built-in zone arguments to see if the zone
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User is re-usable or not. [RT #21914]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3035. [cleanup] Simplify by using strlcpy. [RT #22521]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
59b277af9d9aac08d16be63aed5ae60ac9eef0d5Automatic Updater3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater3029. [bug] isc_netaddr_format() handle a zero sized buffer.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater catch NULL pointer dereferences before they happen.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3026. [bug] lib/isc/httpd.c: check that we have enough space
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater after calling grow_headerspace() and if not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater re-call grow_headerspace() until we do. [RT #22521]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3025. [bug] Fixed a possible deadlock due to zone resigning.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3024. [func] RTT Banding removed due to minor security increase
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User but major impact on resolver latency. [RT #23310]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3023. [bug] Named could be left in an inconsistent state when
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User receiving multiple AXFR response messages that were
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User not all TSIG-signed. [RT #23254]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3021. [bug] Change #3010 was incomplete. [RT #22296]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3020. [bug] auto-dnssec failed to correctly update the zone when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater changing the DNSKEY RRset. [RT #23232]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3019. [test] Test: check apex NSEC3 records after adding DNSKEY
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater record via UPDATE. [RT #23229]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3018. [bug] Named failed to check for the "none;" acl when deciding
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater if a zone may need to be re-signed. [RT #23120]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3017. [doc] dnssec-keyfromlabel -I was not properly documented.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3016. [bug] rndc usage missing '-b'. [RT #22937]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3014. [placeholder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3013. [bug] The DNS64 ttl was not always being set as expected.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3012. [bug] Remove DNSKEY TTL change pairs before generating
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater signing records for any remaining DNSKEY changes.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3011. [func] Change the default query timeout from 30 seconds
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to 10. Allow setting this in named.conf using the new
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater 'resolver-query-timeout' option, which specifies a max
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater time in seconds. 0 means 'default' and anything longer
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User than 30 will be silently set to 30. [RT #22852]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for refreshing managed-keys. [RT #22296]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3009. [bug] clients-per-query code didn't work as expected with
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater particular query patterns. [RT #22972]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater --- 9.8.0b1 released ---
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3008. [func] Response policy zones (RPZ) support. [RT #21726]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3007. [bug] Named failed to preserve the case of domain names in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rdata which is not compressible when writing master
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User files. [RT #22863]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3006. [func] Allow dynamically generated TSIG keys to be preserved
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater across restarts of named. Initially this is for
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater TSIG keys generated using GSSAPI. [RT #22639]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater3005. [port] Solaris: Work around the lack of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater gsskrb5_register_acceptor_identity() by setting
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater the KRB5_KTNAME environment variable to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater contents of tkey-gssapi-keytab. Also fixed
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater test errors on MacOSX. [RT #22853]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3004. [func] DNS64 reverse support. [RT #22769]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3003. [experimental] Added update-policy match type "external",
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater enabling named to defer the decision of whether to
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User allow a dynamic update to an external daemon.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater (Contributed by Andrew Tridgell.) [RT #22758]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater3001. [func] Added a default trust anchor for the root zone, which
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User can be switched on by setting "dnssec-validation auto;"
2178b22c8f4a20a0dfc17c93f67789d58530b6e6Automatic Updater in the named.conf options. [RT #21727]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User3000. [bug] More TKEY/GSS fixes:
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User - nsupdate can now get the default realm from
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User the user's Kerberos principal
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater - corrected gsstest compilation flags
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews - improved documentation
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User - fixed some NULL dereferences
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2999. [func] Add GOST support (RFC 5933). [RT #20639]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater to the task api. [RT #22776]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2997. [func] named -V now reports the OpenSSL and libxml2 verions
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater it was compiled against. [RT #22687]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2996. [security] Temporarily disable SO_ACCEPTFILTER support.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2995. [bug] The Kerberos realm was not being correctly extracted
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User from the signer's identity. [RT #22770]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater do not use threads on earlier versions. Also kill
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User the unproven-pthreads, mit-pthreads, and ptl2 support.
42c81cf2de732ec6d00e73fc755a399ca037e543Mark Andrews2993. [func] Dynamically grow adb hash tables. [RT #21186]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User for looking at a secure delegation. [RT #22059]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater dynamic zones. [RT #22365]
71fc4775d04aea66809e3eb5b5159c55413bdc5cMark Andrews2990. [bug] 'dnssec-settime -S' no longer tests prepublication
71fc4775d04aea66809e3eb5b5159c55413bdc5cMark Andrews interval validity when the interval is set to 0.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2989. [func] Added support for writable DLZ zones. (Contributed
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater by Andrew Tridgell of the Samba project.) [RT #22629]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater of external DLZ drivers that can be loaded as
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater shared objects at runtime rather than linked with
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater named. Currently this is switched on via a
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater compile-time option, "configure --with-dlz-dlopen".
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater Note: the syntax for configuring DLZ zones
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater is likely to be refined in future releases.
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater (Contributed by Andrew Tridgell of the Samba
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater project.) [RT #22629]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2987. [func] Improve ease of configuring TKEY/GSS updates by
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User adding a "tkey-gssapi-keytab" option. If set,
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User updates will be allowed with any key matching
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User a principal in the specified keytab file.
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater "tkey-gssapi-credential" is no longer required
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and is expected to be deprecated. (Contributed
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User by Andrew Tridgell of the Samba project.)
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2986. [func] Add new zone type "static-stub". It's like a stub
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User zone, but the nameserver names and/or their IP
5b10b473e94d11cddac29340317ec3ad2a856598Automatic Updater addresses are statically configured. [RT #21474]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2985. [bug] Add a regression test for change #2896. [RT #21324]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson2984. [bug] Don't run MX checks when the target of the MX record
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson is ".". [RT #22645]
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson --- 9.8.0a1 released ---
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2982. [bug] Reference count dst keys. dst_key_attach() can be used
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User increment the reference count.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note: dns_tsigkey_createfromkey() callers should now
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User always call dst_key_free() rather than setting it
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater to NULL on success. [RT #22672]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2980. [bug] named didn't properly handle UPDATES that changed the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater TTL of the NSEC3PARAM RRset. [RT #22363]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2979. [bug] named could deadlock during shutdown if two
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater "rndc stop" commands were issued at the same
8a507eb20351ee478e8c05620c6899f0a04c1853Automatic Updater time. [RT #22108]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2978. [port] hpux: look for <devpoll.h> [RT #21919]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2977. [bug] 'nsupdate -l' report if the session key is missing.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2976. [bug] named could die on exit after negotiating a GSS-TSIG
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater key. [RT #22573]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater wrong lock which could lead to server deadlock.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2974. [bug] Some valid UPDATE requests could fail due to a
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User consistency check examining the existing version
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater of the zone rather than the new version resulting
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User from the UPDATE. [RT #22413]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2973. [bug] bind.keys.h was being removed by the "make clean"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User at the end of configure resulting in build failures
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater where there is very old version of perl installed.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater Move it to "make maintainer-clean". [RT #22230]
da24e725ff982595d74da7e75e9fbd6a696367ccAutomatic Updater2972. [bug] win32: address windows socket errors. [RT #21906]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2971. [bug] Fixed a bug that caused journal files not to be
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater compacted on Windows systems as a result of
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater non-POSIX-compliant rename() semantics. [RT #22434]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2970. [security] Adding a NO DATA negative cache entry failed to clear
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater any matching RRSIG records. A subsequent lookup of
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User of NO DATA cache entry could trigger a INSIST when the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater unexpected RRSIG was also returned with the NO DATA
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater CVE-2010-3613, VU#706148. [RT #22288]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2969. [security] Fix acl type processing so that allow-query works
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater in options and view statements. Also add a new
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater set of tests to verify proper functioning.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User CVE-2010-3615, VU#510208. [RT #22418]
1fdd58445074579ee3b65c871137a7a1740eb542Mark Andrews2968. [security] Named could fail to prove a data set was insecure
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User before marking it as insecure. One set of conditions
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater that can trigger this occurs naturally when rolling
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater DNSKEY algorithms.
603cf17f33da24d460616389ec40d6f2a6e110a0Automatic Updater CVE-2010-3614, VU#837744. [RT #22309]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2967. [bug] 'host -D' now turns on debugging messages earlier.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2966. [bug] isc_print_vsnprintf() failed to check if there was
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater space available in the buffer when adding a left
55aec75784a22e9d06d52b2b8a7d5aa42d31dc00Automatic Updater justified character with a non zero width,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (e.g. "%-1c"). [RT #22270]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2965. [func] Test HMAC functions using test data from RFC 2104 and
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater RFC 4634. [RT #21702]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2964. [placeholder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2963. [security] The allow-query acl was being applied instead of the
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater allow-query-cache acl to cache lookups. [RT #22114]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater2962. [port] win32: add more dependencies to BINDBuild.dsw.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2961. [bug] Be still more selective about the non-authoritative
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater answers we apply change 2748 to. [RT #22074]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater2960. [func] Check that named accepts non-authoritative answers.
3c02671513da2af836b985c5e70c8e44583359afAutomatic Updater2959. [func] Check that named starts with a missing masterfile.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2958. [bug] named failed to start with a missing master file.
47ff70af9e842bf0f69d209433995216f560fe4aAutomatic Updater2957. [bug] entropy_get() and entropy_getpseudo() failed to match
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the API for RAND_bytes() and RAND_pseudo_bytes()
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater respectively. [RT #21962]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater2955. [func] Provide more detail in the recursing log. [RT #22043]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater build_sqldbinstance failure. [RT #21623]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2953. [bug] Silence spurious "expected covering NSEC3, got an
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater exact match" message when returning a wildcard
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater no data response. [RT #21744]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater2952. [port] win32: named-checkzone and named-checkconf failed
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater to initialize winsock. [RT #21932]
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater2951. [bug] named failed to generate a correct signed response
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in a optout, delegation only zone with no secure
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delegations. [RT #22007]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2950. [bug] named failed to perform a SOA up to date check when
83d29eff2912ef967596eb5ed148de7668b35564Automatic Updater falling back to TCP on UDP timeouts when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ixfr-from-differences was set. [RT #21595]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2949. [bug] dns_view_setnewzones() contained a memory leak if
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater it was called multiple times. [RT #21942]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater2948. [port] MacOS: provide a mechanism to configure the test
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User interfaces at reboot. See bin/tests/system/README
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2947. [placeholder]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater2946. [doc] Document the default values for the minimum and maximum
78bc8fdc2488c92d7228e8de19827e2c114c56caAutomatic Updater zone refresh and retry values in the ARM. [RT #21886]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2945. [doc] Update empty-zones list in ARM. [RT #21772]
9d80d23172c30fd63e5046a7e69b8445e564ff31Automatic Updater2944. [maint] Remove ORCHID prefix from built in empty zones.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2943. [func] Add support to load new keys into managed zones
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater without signing immediately with "rndc loadkeys".
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater Add support to link keys with "dnssec-keygen -S"
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater and "dnssec-settime -S". [RT #21351]
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater2942. [contrib] zone2sqlite failed to setup the entropy sources.
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater2941. [bug] sdb and sdlz (dlz's zone database) failed to support
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater DNAME at the zone apex. [RT #21610]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater2940. [port] Remove connection aborted error message on
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater Windows. [RT #21549]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater2939. [func] Check that named successfully skips NSEC3 records
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User that fail to match the NSEC3PARAM record currently
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User in use. [RT# 21868]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2938. [bug] When generating signed responses, from a signed zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that uses NSEC3, named would use a uninitialized
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User pointer if it needed to skip a NSEC3 record because
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User it didn't match the selected NSEC3PARAM record for
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User zone. [RT# 21868]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2937. [bug] Worked around an apparent race condition in over
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User memory conditions. Without this fix a DNS cache DB or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ADB could incorrectly stay in an over memory state,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater effectively refusing further caching, which
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater subsequently made a BIND 9 caching server unworkable.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater This fix prevents this problem from happening by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater polling the state of the memory context, rather than
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater making a copy of the state, which appeared to cause
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a race. This is a "workaround" in that it doesn't
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater solve the possible race per se, but several experiments
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater proved this change solves the symptom. Also, the
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User polling overhead hasn't been reported to be an issue.
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater This bug should only affect a caching server that
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User specifies a finite max-cache-size. It's also quite
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User likely that the bug happens only when enabling threads,
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater but it's not confirmed yet. [RT #21818]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater2936. [func] Improved configuration syntax and multiple-view
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater support for addzone/delzone feature (see change
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User #2930). Removed "new-zone-file" option, replaced
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User with "allow-new-zones (yes|no)". The new-zone-file
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for each view is now created automatically, with
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater a filename generated from a hash of the view name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater It is no longer necessary to "include" the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater new-zone-file in named.conf; this happens
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater automatically. Zones that were not added via
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater "rndc addzone" can no longer be removed with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "rndc delzone". [RT #19447]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2935. [bug] nsupdate: improve 'file not found' error message.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2933. [bug] 'dig +nsid' used stack memory after it went out of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater scope. This could potentially result in a unknown,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater potentially malformed, EDNS option being sent instead
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of the desired NSID option. [RT #21781]
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater2932. [cleanup] Corrected a numbering error in the "dnssec" test.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater2931. [bug] Temporarily and partially disable change 2864
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User because it would cause infinite attempts of RRSIG
b16e2045ac28229c31f1ea3ebad15cbcb13e1d24Automatic Updater queries. This is an urgent care fix; we'll
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater revisit the issue and complete the fix later.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2930. [experimental] New "rndc addzone" and "rndc delzone" commands
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allow dynamic addition and deletion of zones.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater To enable this feature, specify a "new-zone-file"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater option at the view or options level in named.conf.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Zone configuration information for the new zones
71bfd0968456cc0c69fd400d2dafd02977c649d2Tinderbox User will be written into that file. To make the new
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zones persist after a restart, "include" the file
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater into named.conf in the appropriate view. (Note:
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User This feature is not yet documented, and its syntax
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater is expected to change.) [RT #19447]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2929. [bug] Improved handling of GSS security contexts:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - added LRU expiration for generated TSIGs
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater - added the ability to use a non-default realm
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User - added new "realm" keyword in nsupdate
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - limited lifetime of generated keys to 1 hour
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User or the lifetime of the context (whichever is
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater2928. [bug] Be more selective about the non-authoritative
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater answer we apply change 2748 to. [RT #21594]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2927. [placeholder]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2926. [placeholder]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2925. [bug] Named failed to accept uncachable negative responses
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User from insecure zones. [RT# 21555]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2924. [func] 'rndc secroots' dump a combined summary of the
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User current managed keys combined with trusted keys.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2923. [bug] 'dig +trace' could drop core after "connection
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User timeout". [RT #21514]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2922. [contrib] Update zkt to version 1.0.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2921. [bug] The resolver could attempt to destroy a fetch context
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User too soon. [RT #19878]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater to IPv4 clients. New acl 'filter-aaaa' (default any).
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2917. [func] Virtual time test framework. [RT #20801]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2916. [func] Add framework to use IPv6 in tests.
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2915. [cleanup] Be smarter about which objects we attempt to compile
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater based on configure options. [RT #21444]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2914. [bug] Make the "autosign" system test more portable.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2913. [func] Add pkcs#11 system tests. [RT #20784]
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater2912. [func] Windows clients don't like UPDATE responses that clear
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the zone section. [RT #20986]
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater2911. [bug] dnssec-signzone didn't handle out of zone records well.
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater2910. [func] Sanity check Kerberos credentials. [RT #20986]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2909. [bug] named-checkconf -p could die if "update-policy local;"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User was specified in named.conf. [RT #21416]
ce0fd07045292942bfa3e755d9ce596941528a63Automatic Updater2908. [bug] It was possible for re-signing to stop after removing
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic Updater a DNSKEY. [RT #21384]
523b258f0045155255bc61cd75f5cc605013fa7dAutomatic Updater2907. [bug] The export version of libdns had undefined references.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2905. [port] aix: set use_atomic=yes with native compiler.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater2904. [bug] When using DLV, sub-zones of the zones in the DLV,
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater could be incorrectly marked as insecure instead of
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User secure leading to negative proofs failing. This was
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater a unintended outcome from change 2890. [RT# 21392]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2903. [bug] managed-keys-directory missing from namedconf.c.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2902. [func] Add regression test for change 2897. [RT #21040]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater2900. [bug] The placeholder negative caching element was not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater properly constructed triggering a INSIST in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater dns_ncache_towire(). [RT #21346]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2899. [port] win32: Support linking against OpenSSL 1.0.0.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2898. [bug] nslookup leaked memory when -domain=value was
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified. [RT #21301]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater2897. [bug] NSEC3 chains could be left behind when transitioning
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to insecure. [RT #21040]
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater2896. [bug] "rndc sign" failed to properly update the zone
098097efb95046a4a5285b6dae95dea3e3b70853Automatic Updater when adding a DNSKEY for publication only. [RT #21045]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2895. [func] genrandom: add support for the generation of multiple
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater files. [RT #20917]
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater2893. [bug] Improve managed keys support. New named.conf option
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater managed-keys-directory. [RT #20924]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater2892. [bug] Handle REVOKED keys better. [RT #20961]
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater2891. [maint] Update empty-zones list to match
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2890. [bug] Handle the introduction of new trusted-keys and
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater DS, DLV RRsets better. [RT #21097]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater2889. [bug] Elements of the grammar where not properly reported.
e705db6d5d886dc14f4a75a2046a075c0750e7eeAutomatic Updater2888. [bug] Only the first EDNS option was displayed. [RT #21273]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2887. [bug] Report the keytag times in UTC in the .key file,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater local time is presented as a comment within the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comment. [RT #21223]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2886. [bug] ctime() is not thread safe. [RT #21223]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater2885. [bug] Improve -fno-strict-aliasing support probing in
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater configure. [RT #21080]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2884. [bug] Insufficient validation in dns_name_getlabelsequence().
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater2883. [bug] 'dig +short' failed to handle really large datasets.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater2882. [bug] Remove memory context from list of active contexts
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater before clearing 'magic'. [RT #21274]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2881. [bug] Reduce the amount of time the rbtdb write lock
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is held when closing a version. [RT #21198]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User consistent. [RT #21078]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2878. [func] Incrementally write the master file after performing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a AXFR. [RT #21010]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2877. [bug] The validator failed to skip obviously mismatching
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater RRSIGs. [RT #21138]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2876. [bug] Named could return SERVFAIL for negative responses
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater from unsigned zones. [RT #21131]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2875. [bug] dns_time64_fromtext() could accept non digits.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2874. [bug] Cache lack of EDNS support only after the server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater successfully responds to the query using plain DNS.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2873. [bug] Canceling a dynamic update via the dns/client module
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater could trigger an assertion failure. [RT #21133]
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater2872. [bug] Modify dns/client.c:dns_client_createx() to only
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson require one of IPv4 or IPv6 rather than both.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2871. [bug] Type mismatch in mem_api.c between the definition and
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User the header file, causing build failure with
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater --enable-exportlib. [RT #21138]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater2868. [cleanup] Run "make clean" at the end of configure to ensure
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater any changes made by configure are integrated.
e5fe07a7ebff18f7ed4ac434b37daff6c8ee5d5bAutomatic Updater Use --with-make-clean=no to disable. [RT #20994]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User don't like it. [RT #20986]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2866. [bug] Windows does not like the TSIG name being compressed.
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater2865. [bug] memset to zero event.data. [RT #20986]
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater2862. [bug] nsupdate didn't default to the parent zone when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater updating DS records. [RT #20896]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2861. [doc] dnssec-settime man pages didn't correctly document the
bde521789ec55f11ac6966d16bcd187e8fa1d4bfAutomatic Updater inactivation time. [RT #21039]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2860. [bug] named-checkconf's usage was out of date. [RT #21039]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2859. [bug] When canceling validation it was possible to leak
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater memory. [RT #20800]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2858. [bug] RTT estimates were not being adjusted on ICMP errors.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2857. [bug] named-checkconf did not fail on a bad trusted key.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2856. [bug] The size of a memory allocation was not always properly
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater recorded. [RT #20927]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2855. [func] nsupdate will now preserve the entered case of domain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater names in update requests it sends. [RT #20928]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2854. [func] dig: allow the final soa record in a axfr response to
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User be suppressed, dig +onesoa. [RT #20929]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2851. [doc] nslookup.1, removed <informalexample> from the docbook
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater source as it produced bad nroff. [RT #21007]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2850. [bug] If isc_heap_insert() failed due to memory shortage
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the heap would have corrupted entries. [RT #20951]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews2849. [bug] Don't treat errors from the xml2 library as fatal.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews README.rfc5011 into the ARM. [RT #20899]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2846. [bug] EOF on unix domain sockets was not being handled
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews correctly. [RT #20731]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2844. [doc] notify-delay default in ARM was wrong. It should have
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews been five (5) seconds.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews creating key files if there is a chance that the new
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews key ID will collide with an existing one after
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews either of the keys has been revoked. (To override
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews this in the case of dnssec-keyfromlabel, use the -y
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews option. dnssec-keygen will simply create a
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews different, non-colliding key, so an override is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews not necessary.) [RT #20838]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2842. [func] Added "smartsign" and improved "autosign" and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews "dnssec" regression tests. [RT #20865]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2841. [bug] Change 2836 was not complete. [RT #20883]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews2840. [bug] Temporary fixed pkcs11-destroy usage check.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews2839. [bug] A KSK revoked by named could not be deleted.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews2838. [placeholder]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2837. [port] Prevent Linux spurious warnings about fwrite().
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2836. [bug] Keys that were scheduled to become active could
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews be delayed. [RT #20874]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews2835. [bug] Key inactivity dates were inadvertently stored in
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews the private key file with the outdated tag
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews "Unpublish" rather than "Inactive". This has been
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews fixed; however, any existing keys that had Inactive
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews dates set will now need to have them reset, using
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews 'dnssec-settime -I'. [RT #20868]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2834. [bug] HMAC-SHA* keys that were longer than the algorithm
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic Updater digest length were used incorrectly, leading to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater interoperability problems with other DNS
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater implementations. This has been corrected.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (Note: If an oversize key is in use, and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater compatibility is needed with an older release of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater BIND, the new tool "isc-hmac-fixup" can convert
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the key secret to a form that will work with all
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater versions.) [RT #20751]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to avoid redefinition in some OSs [RT 20831]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson2831. [security] Do not attempt to validate or cache
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater out-of-bailiwick data returned with a secure
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson answer; it must be re-fetched from its original
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater source and validated in that context. [RT #20819]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater2830. [bug] Changing the OPTOUT setting could take multiple
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater passes. [RT #20813]
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews2829. [bug] Fixed potential node inconsistency in rbtdb.c.
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater2828. [security] Cached CNAME or DNAME RR could be returned to clients
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater without DNSSEC validation. [RT #20737]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater being released. [RT #20740]
2fd97723b2ec7fc1975672780ab0c1c9a8c369d6Automatic Updater2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User was in the process of being created was not properly
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater recorded in the zone. [RT #20786]
9fa6e3bdb4ec36d8734c63c4366375a681aa3a4dAutomatic Updater2824. [bug] "rndc sign" was not being run by the correct task.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2822. [bug] rbtdb.c:loadnode() could return the wrong result.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2821. [doc] Add note that named-checkconf doesn't automatically
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2820. [func] Handle read access failure of OpenSSL configuration
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews file more user friendly (PKCS#11 engine patch).
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2818. [cleanup] rndc could return an incorrect error code
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater when a zone was not found. [RT #20767]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2816. [bug] previous_closest_nsec() could fail to return
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews data for NSEC3 nodes [RT #29730]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2815. [bug] Exclusively lock the task when freezing a zone.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2814. [func] Provide a definitive error message when a master
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews zone is not loaded. [RT #20757]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2813. [bug] Better handling of unreadable DNSSEC key files.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2812. [bug] Make sure updates can't result in a zone with
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews NSEC-only keys and NSEC3 records. [RT #20748]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews output. [RT #20733]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2810. [doc] Clarified the process of transitioning an NSEC3 zone
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to insecure. [RT #20746]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2809. [cleanup] Restored accidentally-deleted text in usage output
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater in dnssec-settime and dnssec-revoke [RT #20739]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2808. [bug] Remove the attempt to install atomic.h from lib/isc.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater atomic.h is correctly installed by the architecture
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews specific subdirectories. [RT #20722]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2807. [bug] Fixed a possible ASSERT when reconfiguring zone
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater keys. [RT #20720]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater --- 9.7.0rc1 released ---
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater when it had changed. [RT #20703]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2805. [bug] Fixed namespace problems encountered when building
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater external programs using non-exported BIND9 libraries
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater (i.e., built without --enable-exportlib). [RT #20679]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2804. [bug] Send notifies when a zone is signed with "rndc sign"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater or as a result of a scheduled key change. [RT #20700]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater and genrandom under windows. [RT #20670]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2801. [func] Detect and report records that are different according
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to DNSSEC but are semantically equal according to plain
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater DNS. Apply plain DNS comparisons rather than DNSSEC
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews comparisons when processing UPDATE requests.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews dnssec-signzone now removes such semantically duplicate
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater records prior to signing the RRset.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater named-checkzone -r {ignore|warn|fail} (default warn)
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews named-compilezone -r {ignore|warn|fail} (default warn)
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews named.conf: check-dup-records {ignore|warn|fail};
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2800. [func] Reject zones which have NS records which refer to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews CNAMEs, DNAMEs or don't have address record (class IN
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews only). Reject UPDATEs which would cause the zone
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to fail the above checks if committed. [RT #20678]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2799. [cleanup] Changed the "secure-to-insecure" option to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews "dnssec-secure-to-insecure", and "dnskey-ksk-only"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2798. [bug] Addressed bugs in managed-keys initialization
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews and rollover. [RT #20683]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2797. [bug] Don't decrement the dispatch manager's maxbuffers.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2796. [bug] Missing dns_rdataset_disassociate() call in
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews dns_nsec3_delnsec3sx(). [RT #20681]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2795. [cleanup] Add text to differentiate "update with no effect"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews log messages. [RT #18889]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2794. [bug] Install <isc/namespace.h>. [RT #20677]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2793. [func] Add "autosign" and "metadata" tests to the
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews automatic tests. [RT #19946]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2792. [func] "filter-aaaa-on-v4" can now be set in view
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews options (if compiled in). [RT #20635]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2791. [bug] The installation of isc-config.sh was broken.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2790. [bug] Handle DS queries to stub zones. [RT #20440]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2788. [bug] dnssec-signzone could sign with keys that were
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews not requested [RT #20625]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2787. [bug] Spurious log message when zone keys were
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews dynamically reconfigured. [RT #20659]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2786. [bug] Additional could be promoted to answer. [RT #20663]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater --- 9.7.0b3 released ---
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2785. [bug] Revoked keys could fail to self-sign [RT #20652]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2784. [bug] TC was not always being set when required glue was
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews dropped. [RT #20655]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews buffer size of 512 or less. [RT #20654]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2782. [port] win32: use getaddrinfo() for hostname lookups.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2781. [bug] Inactive keys could be used for signing. [RT #20649]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2780. [bug] dnssec-keygen -A none didn't properly unset the
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews activation date in all cases. [RT #20648]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2779. [bug] Dynamic key revocation could fail. [RT #20644]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2778. [bug] dnssec-signzone could fail when a key was revoked
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews without deleting the unrevoked version. [RT #20638]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2776. [bug] Change #2762 was not correct. [RT #20647]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater in dnssec-keyfromlabel. [RT #20643]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2774. [bug] Existing cache DB wasn't being reused after
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater reconfiguration. [RT #20629]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2773. [bug] In autosigned zones, the SOA could be signed
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews with the KSK. [RT #20628]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2772. [security] When validating, track whether pending data was from
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater the additional section or not and only return it if
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater validates as secure. [RT #20438]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2771. [bug] dnssec-signzone: DNSKEY records could be
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews corrupted when importing from key files [RT #20624]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2770. [cleanup] Add log messages to resolver.c to indicate events
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater causing FORMERR responses. [RT #20526]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2769. [cleanup] Change #2742 was incomplete. [RT #19589]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2767. [bug] named could crash on startup if a zone was
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews configured with auto-dnssec and there was no
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews key-directory. [RT #20615]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2766. [bug] isc_socket_fdwatchpoke() should only update the
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews socketmgr state if the socket is not pending on a
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews read or write. [RT #20603]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2765. [bug] Skip masters for which the TSIG key cannot be found.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2762. [bug] DLV validation failed with a local slave DLV zone.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2761. [cleanup] Enable internal symbol table for backtrace only for
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater systems that are known to work. Currently, BSD
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater variants, Linux and Solaris are supported. [RT# 20202]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2759. [doc] Add information about .jbk/.jnw files to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews the ARM. [RT #20303]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2758. [bug] win32: Added a workaround for a windows 2008 bug
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews that could cause the UDP client handler to shut
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater down. [RT #19176]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2757. [bug] dig: assertion failure could occur in connect
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews timeout. [RT #20599]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2755. [placeholder]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2754. [bug] Secure-to-insecure transitions failed when zone
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews was signed with NSEC3. [RT #20587]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2753. [bug] Removed an unnecessary warning that could appear when
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews building an NSEC chain. [RT #20589]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2752. [bug] Locking violation. [RT #20587]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2750. [bug] dig: assertion failure could occur when a server
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews didn't have an address. [RT #20579]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2749. [bug] ixfr-from-differences generated a non-minimal ixfr
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater for NSEC3 signed zones. [RT #20452]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2748. [func] Identify bad answers from GTLD servers and treat them
9876f11b26bdb27d145fdf9e7d996894398066aeAutomatic Updater as referrals. [RT #18884]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2747. [bug] Journal roll forwards failed to set the re-signing
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater time of RRSIGs correctly. [RT #20541]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2746. [port] hpux: address signed/unsigned expansion mismatch of
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2745. [bug] configure script didn't probe the return type of
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews gai_strerror(3) correctly. [RT #20573]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2744. [func] Log if a query was over TCP. [RT #19961]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater for a insecure delegation.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater --- 9.7.0b2 released ---
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2742. [cleanup] Clarify some DNSSEC-related log messages in
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2741. [func] Allow the dnssec-keygen progress messages to be
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews suppressed (dnssec-keygen -q). Automatically
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews suppress the progress messages when stdin is not
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews a tty. [RT #20474]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2740. [placeholder]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2739. [cleanup] Clean up API for initializing and clearing trust
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews anchors for a view. [RT #20211]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews test. [RT #20453]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2737. [func] UPDATE requests can leak existence information.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2736. [func] Improve the performance of NSEC signed zones with
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews more than a normal amount of glue below a delegation.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2735. [bug] dnssec-signzone could fail to read keys
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews that were specified on the command line with
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews full paths, but weren't in the current
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews directory. [RT #20421]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2734. [port] cygwin: arpaname did not compile. [RT #20473]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2732. [func] Add optional filter-aaaa-on-v4 option, available
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater if built with './configure --enable-filter-aaaa'.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater Filters out AAAA answers to clients connecting
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater via IPv4. (This is NOT recommended for general
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater use.) [RT #20339]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater2731. [func] Additional work on change 2709. The key parser
990743075cd7b0ee4bc0c8bf013bb1d9662a3167Mark Andrews will now ignore unrecognized fields when the
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater minor version number of the private key format
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews has been increased. It will reject any key with
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater the major version number increased. [RT #20310]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater2730. [func] Have dnssec-keygen display a progress indication
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater a la 'openssl genrsa' on standard error. Note
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User when the first '.' is followed by a long stop
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User one has the choice between slow generation vs.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User poor random quality, i.e., '-r /dev/urandom'.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2729. [func] When constructing a CNAME from a DNAME use the DNAME
200a9e7da827b67d99193bf793aea9f3e3fa1b43Tinderbox User TTL. [RT #20451]
af9dbf1ccdd53933aaae9300d13ce0965d39b067Evan Hunt2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
f262aa9daa94e94de066f1720a90cc2898af38fbAutomatic Updater dnssec-signzone now warn immediately if asked to
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User write into a nonexistent directory. [RT #20278]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2727. [func] The 'key-directory' option can now specify a relative
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User path. [RT #20154]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2726. [func] Added support for SHA-2 DNSSEC algorithms,
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User RSASHA256 and RSASHA512. [RT #20023]
af9dbf1ccdd53933aaae9300d13ce0965d39b067Evan Hunt2725. [doc] Added information about the file "managed-keys.bind"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User to the ARM. [RT #20235]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2724. [bug] Updates to a existing node in secure zone using NSEC
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User were failing. [RT #20448]
09091b4f0f69cca36f74a291fa3eb496686aeb1eAutomatic Updater2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater isc_base64_totext(), didn't always mark regions of
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater memory as fully consumed after conversion. [RT #20445]
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater2722. [bug] Ensure that the memory associated with the name of
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater a node in a rbt tree is not altered during the life
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews of the node. [RT #20431]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2721. [port] Have dst__entropy_status() prime the random number
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User generator. [RT #20369]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2720. [bug] RFC 5011 trust anchor updates could trigger an
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User assert if the DNSKEY record was unsigned. [RT #20406]
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User2719. [func] Skip trusted/managed keys for unsupported algorithms.
2717. [bug] named failed to update the NSEC/NSEC3 record when
2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2711. [port] win32: Add the bin/pkcs11 tools into the full
by the named.conf option 'secure-to-insecure'.
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2699. [bug] Missing lock in rbtdb.c. [RT #20037]
S_IFREG are defined after including <isc/stat.h>.
2695. [func] DHCP/DDNS - update fdwatch code for use by
2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2679. [func] dig -k can now accept TSIG keys in named.conf
- New "inactive" date (dnssec-keygen/settime -I)
2673. [bug] The managed-keys.bind zone file could fail to
2664. [bug] create_keydata() and minimal_update() in zone.c
applications. See README.libdns. [RT #19369]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2632. [func] util/kit.sh: warn if documentation appears to be out of
2628. [port] linux: Allow /var/run/named/named.pid to be opened
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2617. [bug] ifconfig.sh failed to emit an error message when
2616. [bug] 'host' used the nameservers from resolv.conf even
configuration text for named.conf
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2590. [func] Report zone/class of "update with no effect".
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
by) $sysconfdir/bind.keys. As the ISC DLV key
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2538. [bug] cache/ADB memory could grow over max-cache-size,
2519. [bug] dig/host with -4 or -6 didn't work if more than two
preceded in resolv.conf. [RT #19081]
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
are now /var/run/named/named.pid and
/var/run/lwresd/lwresd.pid respectively.
2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
specified in named.conf doesn't seem to work with
2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
2452. [func] Improve bin/test/journalprint. [RT #18316]
epoll and /dev/poll to be selected at compile
completion event send out canceled read/write
in rbtdb.c. [RT #18455]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
temporary, named.conf option reserved-sockets,
assertion in acl.c. [RT #18166]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2385. [bug] A condition variable in socket.c could leak in
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
Documentation is in the new README.pkcs11 file.
were set at both the options/view level and in
named.conf. [RT #17581]
See <isc/mem.h> for details.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
rbtdb.c. Implement dead node processing in zones as
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
addresses in acl.c. [RT #17519]
bin/named/lwdnoop.c. [RT #17476]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
bin/tests/system/lwresd/lwtest.c. [RT #17474]
bin/tests/names/t_names.c. [RT #17473]
bin/nsupdate/nsupdate.c. [RT #17475]
bin/tests/timers/t_timers.c. [RT #17468]
bin/tests/dst/t_dst.c. [RT #17467]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
stub/slave master and journal files. [RT# 17279]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2266. [bug] client.c:get_clientmctx() returned the same mctx
2257. [bug] win32: Use the full path to vcredist_x86.exe when
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
If allow-query-cache is not set in named.conf then
If allow-recursion is not set in named.conf then
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
2192. [port] win32: use vcredist_x86.exe to install Visual
2184. [bug] bind9.xsl.h didn't build out of the source tree.
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
need to ship Microsoft.VC80.MFCLOC.
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
dighost.c:get_trusted_key(). [RT #16678]
hmac_link.c. [RT #16437]
2145. [bug] Check DS/DLV digest lengths for known digests.
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
in adb.c. [RT #16670]
2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2137. [port] Mips little endian and/or mips 64 bit are now
2136. [bug] nslookup/host looped if there was no search list
2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2114. [bug] dig/host/nslookup: searches for names with multiple
2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2103. [port] Add /usr/sfw to list of locations for OpenSSL
2100. [port] win32: copy libeay32.dll to Build\Debug.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
if resolv.conf does not exist or no nameservers
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2085. [doc] win32: added index.html and README to zip. [RT #16201]
2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
2080. [port] libbind: res_init.c did not compile on older versions
2076. [bug] Several files were missing #include <config.h>
of authoritative servers that drop EDNS and/or CD
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
2043. [port] nsupdate/nslookup: Force the flushing of the prompt
2038. [bug] dig/nslookup/host was unlinking from wrong list
a non slave/stub zone. [RT # 16073]
2028. [port] linux: socket.c compatibility for old systems.
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
2008. [func] It is now possible to enable/disable DNSSEC
breaks DNSSEC (firewall/proxy). [RT #15592]
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which